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Abstract. We consider Dense-Timed Petri Nets (TPN), an extension of Petri nets in 
which each token is equipped with a real-valued clock and where the semantics is lazy 
(i.e., enabled transitions need not fire; time can pass and disable transitions). We consider 
the following verification problems for TPNs. 

(i) Zenoness: whether there exists a zeno-computation from a given marking, i.e., an 
infinite computation which takes only a finite amount of time. We show decidability of 
zenoness for TPNs, thus solving an open problem from [dFERAOO . Furthermore, the 
related question if there exist arbitrarily fast computations from a given marking is also 
decidable. 

On the other hand, universal zenoness, i.e., the question if all infinite computations 
from a given marking are zeno, is undecidable. 

(ii) Token liveness: whether a token is alive in a marking, i.e., whether there is a 
computation from the marking which eventually consumes the token. We show decidability 
of the problem by reducing it to the coverabihty problem, which is decidable for TPNs. 

(iii) Boundedness: whether the size of the reachable markings is bounded. We consider 
two versions of the problem; namely semantic boundedness where only live tokens are taken 
into consideration in the markings, and syntactic boundedness where also dead tokens 
are considered. We show undecidability of semantic boundedness, while we prove that 
syntactic boundedness is decidable through an extension of the Karp-Miller algorithm. 
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1. Introduction 

Petri nets |Pet62j IPet77j IMur89j are one of the most widely used models for analysis and 
verification of concurrent systems. Many different formalisms have been proposed which 
extend Petri nets with clocks and real-time constraints, leading to various definitions of 
Timed Petri nets (TPNs). A complete discussion of all these formalisms is beyond the 
scope of this paper and the interested reader is referred to the survey by Bowden |Bow96] 
and a more recent overview in [BCH+05] . 

In this paper we consider the TPN model used in [ANOlj where each token has an age 
which is represented by a real-valued clock, and the firing-semantics is lazy (like in standard 
untimed Petri nets). This dense time TPN model of [ANOlj is an adaption of the discrete 
time model of Escrig et al. [RGdFE99l IdFERAOOj . 

The main difference between dense time TPN and discrete time TPN is the following. 
In discrete time nets, time is interpreted as being incremented in discrete steps and thus the 
ages of tokens are in a countable domain, commonly the natural numbers. Such discrete 
time nets have been studied in, e.g., [RGdFE99, IdFERAOO] . In dense time nets, time is 
interpreted as continuous, and the ages of tokens are real numbers. Some problems for 
dense time nets have been studied in [ANOlj IAN021 lA"DMN04j . 

In this paper we mainly consider the dense time case. However, we also solve some 
open questions for discrete time nets, since they follow as corollaries from our more general 
results on the dense time case. 

The main characteristics of our TPN model (i.e., the model of [AN01] ) are the following. 

• Our TPNs are not bounded. The number of tokens present in the net may grow beyond 
any finite bound. 

• Each token has an age which is represented by a real-valued clock, i.e., time is continuous. 

• A transition is enabled iff there are enough tokens of the right ages on its input places. 
The right ages are specified by labeling the input arcs of transitions with time intervals. 

• The semantics is lazy, just like in standard untimed Petri nets. This means that an 
enabled transition need not fire immediately. It is possible that more time will pass and 
disable the transition again. (This is in contrast to many other classes of Petri nets with 
time, which have an eager semantics where transitions must fire when they are enabled; 
see [BCH + 05] for an overview.) 

• When a transition fires, the clocks of the consumed tokens are not preserved. Tokens 
which are newly created by a transition have their own new clocks. 

The formal definition of this TPN model is given in Section [2l 

TPN can, among other things, model parameterized timed systems (systems consisting 
of an unbounded number of timed processes) [ANOlj . 

Our TPN model is computationally more powerful than timed automata |AD90j IAD94j , 
since it operates on a potentially unbounded number of clocks. In particular, TPN subsume 
normal untimed Petri nets w.r.t. the semantics of fired transition sequences, while finite 
timed automata do not subsume Petri nets. Furthermore, both the reachability problem 
[RGdFE99j and several liveness problems [dFERAOOl [AN02j are undecidable for TPNs (even 
in the discrete time case). 

Most verification problems for TPNs are extensions of both classical problems previously 
studied for standard (untimed) Petri nets, and problems for finite-state timed models like 
timed automata. We consider several verification problems for TPNs. 
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Zenoness. A fundamental progress property for timed systems is that it should be possible 
for time to diverge |Tri99j , This requirement is justified by the fact that timed processes 
cannot be infinitely fast. Computations violating this property are called zeno. Given a 
TPN and a marking M, we check whether M is a zeno-marking, i.e., whether there is 
an infinite computation from M with a finite duration. The zenoness problem is solved 
in [AD901 IAlu91j for timed automata using the region graph construction. Since region 
graphs only deal with a finite number of clocks, the algorithm of [AD9CH IAlu91] cannot 
be extended to check zenoness for TPNs. In Section [31 we solve the zenoness problem for 
TPNs. To do this, we consider a subclass of transfer nets |FS98] which we call simultaneous- 
disjoint transfer net (SD-TN). This class is an extension of standard Petri nets, in which 
we also have transfer transitions which may move all tokens in one place to another with 
the restriction that (a) all such transfers take place simultaneously and (b) the sources and 
targets of all transfers are disjoint. 

Given a TPN N, we perform the following three steps: 

- Derive a corresponding SD-TN N'. 

- Characterize the set of markings in N' from which there are infinite computation:^]. 

- Re-interpret the set computed above as a characterization of the set of zeno-markings in 
N. 

In fact, the above procedure solves a more general problem than that of checking whether 
a given marking is zeno; namely it gives a symbolic characterization of the set of zeno- 
markings. 

The zenoness problem was left open in [dFERAOO] both for dense TPNs (the model we 
consider in this paper) and for discrete TPNs (where behavior is interpreted over the discrete 
time domain). The construction given in this paper considers the more general dense time 
case. The construction can easily be modified (in fact simplified) to deal with the discrete 
time case. (In the discrete time case, unlike for dense time, every zeno computation must 
have an infinite suffix that takes zero time.) 

Arbitrarily Fast Computations. In Section[5]we consider a question related to zenoness: 
'Given a marking M, is it the case that for every e > there is an M-computation which 
takes at most e time?' This is a stronger requirement than zenoness, and we call markings 
which satisfy it a/feeno-markings. Like for zeno-markings, one can compute a symbolic 
characterization of the set of allzeno- mar kings, and thus the problem is decidable. 

Markings from which there are computations which take no time at all are called 
zeroizme-markings. For discrete time nets, allzeno-mar kings and zerotime-markings co- 
incide, but for general dense time nets zerotime-markings are (in general) a strict subset. 
Again one can compute a symbolic characterization of the set of zerotime-markings. 

Universal Zenoness. In the zenoness problem, the question was whether there existed 
at least one zeno run, i.e., an infinite computation which takes finite time. The universal 
zenoness problem is the question whether all infinite runs are zeno. The negation of this 
question is the following: Given some marking M, does there exist some non-zeno M- 
computation, i.e., an infinite computation from M which takes an infinite amount of time? 
In Section [6] we show that this question (and thus universal zenoness) is undecidable, by a 
reduction from lossy counter machines |May03| . 



In contrast to SD-TN, such a characterization is not computable for general transfer nets |May03| . 
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Token Liveness. Markings in TPNs may contain tokens which cannot be used by any 
future computations of the TPN. Such tokens do not affect the behavior of the TPN and are 
therefore called dead tokens. We give an algorithm to check, given a token and a marking, 
whether the token is dead (or alive). We do this by reducing the problem to the problem 
of cover ability in TPNs. An algorithm to solve the coverability problem is given in [AN01] . 
Token liveness for dense TPNs was left open in [dFERAOO] . 

Boundedness. We consider the boundedness problem for TPNs: given a TPN and an 
initial marking, check whether the size of reachable markings is bounded. The decidability 
of this problem depends on whether we take dead tokens into consideration. In syntactic 
boundedness one considers dead tokens as part of the (size of the) marking, while in semantic 
boundedness we disregard dead tokens; that is we check whether we can reach markings with 
unboundedly many live tokens. Using techniques similar to |RGdFE99] it can be shown that 
semantic boundedness is undecidable. On the other hand we show decidability of syntactic 
boundedness. This is achieved through an extension of the Karp-Miller algorithm where 
each node represents a region (rather than a single marking). The underlying ordering 
on the nodes (regions) inside the Karp-Miller tree is a well quasi- ordering |Hig52 . This 
guarantees termination of the procedure. 

Decidability of syntactic boundedness was shown for the simpler discrete time case in 
[dFERAOO] . while the probl em was left open for the dense case. 



2. Timed Petri Nets and Regions 



Timed Petri Nets. We consider Timed Petri Nets ( TPNs) where each token is equipped with 
a real- valued clock representing the age of the token. The firing conditions of a transition 
include the usual ones for Petri nets. Additionally, each arc between a place and a transition 
is labeled with a time-interval whose bounds are natural numbers (or possibly oo as upper 
bound). These intervals can be open, closed or half open. When firing a transition, tokens 
which are removed (added) from (to) places must have ages lying in the intervals of the 
corresponding transition arcs. 

We use N,M-°,M >0 to denote the sets of natural numbers (including 0), nonnegative 
reals, and strictly positive reals, respectively. For a natural number k, we use N k and N£ to 
denote the set of vectors of size k over N and N U {u>}, respectively (to represents the first 
limit ordinal). 

We use a set Intrv of intervals. An open interval is written as (w : z) where aieN and 
z 6 N U {oo}. Intervals can also be closed in one or both directions, e.g. [w : z] is closed in 
both directions and [w : z) is closed to the left and open to the right. 

Definition 2.1. For a set A, we use A* and ^4® to denote the set of finite words and 
finite multisets over A, respectively. We view a multiset b over A as a mapping b : A \— > 
N. Sometimes, we write finite multisets as lists with multiple occurrences, so [2.4 3 , 5.1 2 ] 
represents a multiset b over K-° where 6(2.4) = 3, 6(5.1) = 2 and b(x) = for x ^ 2.4, 5.1. 
For multisets b\ and 62 over N, we say that b± < 62 if 61(a) < 62(a) for each a € A. The 
multiset union b = b\ U 62 is defined by b(a) = max (61(a), 62(a)) for each a £ A and the 
multiset intersection 6 = 61 n 62 is defined by 6(a) = min (61(a), 62(a)) for each a & A. 

We define 61 + 62 to be the multiset 6 where 6(a) = 61(a) + 62(a), and (assuming 
61 < 62) we define 62 — 61 to be the multiset 6 where 6(a) = 62(a) — 61(a), for each a G A. 
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For a multiset b : A ^ N, we write |6| := X^aeA K a ) f° r the number of elements in b. 
We use to denote the empty multiset and e to denote the empty word. 

Given a set A with partial order <, we define a partial order < w on A* as follows. 
We have a\ . . . a n < w b\. . . b m iff there is a subsequence bj 1 . . . bj n of b\ . . . b m s.t. V/c € 
{1, ... ,n}.o fc < 

Given a set A with an ordering ^ and a subset -B C A, B is said to be upward closed 
in yl if a\ € -B,«2 G ^4 and ai ^ a2 implies a2 G -B. Given a set B C A, we define the 
upward closure B f to be the set {a G A| 3a' G -B : a' ^ a}. A downward closed set -B and 
the downward closure B { are defined in a similar manner. We also use a |, a J,, a instead 
of {a} |, {a} j, {a}, respectively. 

Definition 2.2. [ANOlj A Timed Petri Net (TPN) is a tuple 2V = (P,T, In, Out) where P 
is a finite set of places, T is a finite set of transitions and In, Out are partial functions from 
T x P to ihtfra. 

If In(t,p) (respectively Out(t,p)) is defined, we say that p is an input (respectively 
output) place of t. 

We let max denote the maximum integer appearing on the arcs of a given TPN. 

A marking M of N is a finite multiset over P x R— . The marking M defines the 
numbers and ages of tokens in each place in the net. We identify a token in a marking M 
by the pair (p, x) representing its place and age in M. Then, M((p,x)) defines the number 
of tokens with age x in place p. Abusing notation again, we define, for each place p, a 
multiset M(p) over R^°, where M(p)(x) = M((p,x)). 

For a marking M of the form [(pi,xi) , . . . , (p n > x n)] an d x £ M >0 , we use M +x to 
denote the marking [{pi, x\ + x) , ... , (p n , x n + x)]. 

Transitions: We define two transition relations on the set of markings: timed transition 
and discrete transition. A timed transition increases the age of each token by the same real 
number. Formally, for x G M >0 , M 1 — > x M 2 if M 2 = M^ x . We use M x — >s M 2 to denote 
that Mi — > x M 2 for some x £ R >0 . 

We define the set of discrete transitions — >d as (JteT — where — >t represents 
the effect of firing the discrete transition t. More precisely, M\ — >t M 2 if the set of 
input arcs {(p,l)\ In{t,p) = 1} is of the form {{pi,X\), . . . , (pk,Ik)}, the set of output 
arcs {(p,T)\ Out(t,p) = Z} is of the form {(gi, J7i), ...,(%, Jij)-, and there are multisets 
b\ = ,(p k ,x k )] and b 2 = [(qi,yi) ,(qe,Ve)] over P x such that the 

following holds: 

- bi < Mi 

- Xi G Ti, for i : 1 < i < k. 

- Ui G Ji, for i : 1 < i < I. 

- M 2 = (Mi - &i) + b 2 . 

We say that t is enabled in M if there is a b\ such that the first two conditions are satisfied. 
A transition t may be fired only if for each incoming arc, there is a token with the right 
age in the corresponding input place. These tokens will be removed when the transition 
is fired. The newly produced tokens have ages which are chosen nondeterministically from 
the relevant intervals on the transitions' output arcs. 

We write — > = — >$ U — >r> to denote all transitions, — — > to denote the reflexive- 
transitive closure of — > and — >J to denote the transitive closure of — >£>. It is easy to 
extend — — > for sets of markings. We define Reach(M) := |M' | M — — > M'} as the set of 
markings reachable from M. 
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Computations: Generally, a computation from a given marking is just a (finite or infinite) 
sequence of enabled transitions. For technical reasons, we need to distinguish two types of 
computation: disc-computations where the first transition is a discrete transition and time- 
computations where the first transition is a timed transition. 

A Mo-disc-computation tt from a marking M$ is a computation that starts with a 
discrete transition. It is a (finite or infinite) sequence 

M Mq ^ xo M x ^+ M[ — » X1 M 2 ^+ M' 2 -^ X2 M 3 ^+ . . . 

of markings and transitions where x\ 6 M >0 . (If the sequence is infinite but contains only 
finitely many timed transitions then the infinite suffix has the form — >^.) It follows that 

• The first transition is a discrete transition. Thus Mo — >J Mq. 

• Every timed transition has a non-zero delay, i.e., x.- t E M >0 . 

• Without restriction, timed transitions cannot directly follow each other. We can require 
this, since — > X1 — > X2 has the same effect as — >^ Xl+X2 y Therefore, timed transitions 
must be separated by at least one discrete transition. Thus we require Mj — >J M[ for 
i > 0. 

• This implies that every infinite computation tt must contain infinitely many discrete 
transitions — >£>. An infinite computation may contain either finitely many or infinitely 
many timed transitions. 

The delay of the disc-computation tt is defined as 

oo 

A(tt) :=5>i 

i=0 

A Mo-time-computation tt from a marking M has the form 

M —3 M 4 . . . 

where x 6 K >0 and 7r' is a Mo-disc-computation. In this case the delay A(tt) := x + A(7r'). 

Intuitively, the delay is the total amount of time passed in all timed transitions in the 
sequence. For infinite computations tt, the delay A(tt) can be either infinite or finite. In 
the latter case the computation tt is called a zeno computation (see Section [3]). By M 
we denote the fact that tt is an M-computation. 




Figure 1: A small timed Petri net. 

Figure Q] shows an example of a TPN where P = {Q,R,S} and T = {a, b, c}. For 
instance, In(b, Q) = (3 : 5) and Out(b,R) = (0 : 1) and Out(b,S) = (1 : 2). A marking 
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of the given net is Mo = [(Q, 2.0), (R, 4.3), (R, 3.5)]. A timed transition from Mq is given by 
Mo — >i.5 Mi where Mi = [(Q, 3.5), (i?, 5.8), (R, 5.0)]. An example of a discrete transition 
is given by Mi — > b M 2 where M 2 = [(i?,0.2), (S, 1.6), (i?,5.8), (#,5.0)]. 

Our model subsumes untimed Petri nets in the following sense. If all intervals are of 
the form [0 : oo) then the age of the tokens does not matter for the transitions, and thus 
the possible behavior (i.e., sequences of fired transitions) is the same as that of an untimed 
Petri net with the same structure. However, there cannot be any bijection between the sets 
of markings of a timed- and the corresponding untimed net, since the former is (in general) 
uncountable. 

Next, we recall a constraint system called regions defined for Timed automata |AD90] . 

Regions: A region defines the integral parts of clock values up to max (the exact age of a 
token is irrelevant if it is greater than max), and also the ordering of the fractional parts. 
For TPNs, we need to use a variant which also defines the place in which each token (clock) 
resides. Following Godskesen [God94j . we represent a region in the following manner. 

Definition 2.3. A region is a triple (bo,w, b max ) where 

• bo € (P x {0, . . . , max}) , bo is a multiset of pairs. A pair of the form (p,n) represents 
a token with age exactly n in place p. 

• w € ((P x {0, ... , max — l}) — {0}) . This means that w is a word over the set 
(P x {0, . . . , max — l}) — {0}, i.e., w is a word where each element in the word is a 
non-empty multiset over P x {0, . . . , max — 1}. The pair (p,n) represents a token in 
place p with age x such that x € (n : n + 1). Pairs in the same multiset represent tokens 
whose ages have equal fractional parts. The order of the multisets in w corresponds to 
the order of the fractional parts (i.e., smaller fractional parts come first in the word w). 

• b max £ P Q . b max is a multiset over P representing tokens with ages strictly greater than 
max. Since the actual ages of these tokens are irrelevant, the information about their 
ages is omitted in the representation. (This is because the transitions in the net cannot 
distinguish between different ages of tokens if these are strictly bigger than max. Note 
that tokens with age exactly max are represented in bo.) 

The semantic of a region (bo,w, b max ) would not change if we allowed empty multisets to 
appear in w. Therefore we forbid this in order to obtain a unique representation. However, 
the multisets bo and b max can be empty. 

Formally, each region R characterizes an infinite set of markings {RJ as follows. Assume 
a marking M = [(pi,xi) , . . . , (p n , x n )] and a region R = (bo, &1&2 • • ■ b m , 6 m +i). Let each 

multiset bj be of the form (%i), V{j s i)) \Q(j,W >y UM) for : - J - m and bm+1 is 
of the form [(JW+i,!) , . . . , Q(m+i,i m+1 )]- We say that M satisfies R, i.e., M € {RJ, iff there is a 
bijection h from the set {1, . . . , n} to the set of pairs {(j, k)\ (0 < j < m + 1) A (1 < k < £j)} 
such that the following conditions are satisfied. 

• pi = qvj) • Each token should have the same place as that required by the corresponding 
element in R. 

• If h(i) = (j, k) then j = m + 1 iff > max. Tokens older than max should correspond 
to elements in multiset & m +i. The actual ages of these tokens are not relevant. 

• If Xi < max and h(i) = (j,k) then \xi\ = yy,fc)- The integral part of the age of tokens 
should agree with the natural number specified by the corresponding elements in w. 

• If Xi < max and h(i) = (j,k) then frac(xi) = iff j = 0. Tokens with zero fractional 
parts correspond to elements in multiset bo- 
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• If xi x ,Xi 2 < max, h(i\) = (ji,ki) and hfo) = (^2,^2) then frac(xi L ) < frac(xi 2 ) iff 
ji < 32- This condition implies frac(xi 1 ) = frac(xi 2 ) iff j\ = j\. Thus, tokens with equal 
fractional parts correspond to elements in the same multiset (unless they belong to b m+ i). 
Furthermore, the ordering among the multisets inside R reflects the ordering among the 
fractional parts of the clock values (increasing from left to right). 

We sometimes identify a region R with the set of markings \R\ it represents (i.e., we write 

R instead of [R]). 




zero increasing frac. > max 

frac. 



Figure 2: Marking M in (a) satisfies region R in (b). 

Example 2.4. Consider the TPN N in Figure [T] with max = 7. Figure Eta) shows a 
marking M = [(#,2.0) ,(5,5.5), (R, 1.7), (5,6.7), (Q.8.9)]. Figure EJb) shows the unique 
region R = ([(!?, 2)], [(5,5)] • [(R,l), (5,6)], [Q]) such that M G {Rj. (The symbol • 
stands for concatenation.) In Figure E^b), each circle corresponds to a multiset of tokens of 
./V with same fractional parts. Dotted lines show how the tokens of M in TPN correspond 
to elements in the region R. 

Equivalence and orders. The region construction defines an equivalence relation = on 
the set of markings such that M\ = M2 if, for each region R, it is the case that M± € {RJ 
iff M 2 € [Rj. 
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It is well-known |AD90| that = is a time-abstract bisimulation on the set of markings. 
In other words, if Mi — ► M2 and Ml = M3 then there is an M4 such that M2 = M4 and 
M 3 — > M 4 . 

Notice that given a marking M, it is easy to compute the unique region Rm satisfied 
by M. 

Next we define an order and a preorder on markings of TPN. First, there is the usual 
order < on multisets (markings are multisets of timed tokens). We have M\ < M2 iff 
\/p.M\(p) < M2(p), i.e., Mi can be obtained from M2 by removing some tokens. 

The preorder ^ abstracts from the precise values of the ages of the tokens and considers 
only their relation to each other. We define Mi ■< M2 if there is an M' 2 with Mi = M' 2 and 
M'2 < M2. In other words, Mi ^ M2 if we can delete a number of tokens from M2 and as a 
result obtain a new marking which is = equivalent (but not necessarily = equivalent) to Ml. 
The relation < is only a preorder on the set of markings, because it is not antisymmetric. 
However, it is an order on the equivalence classes w.r.t. =. 

We let Mi -< M 2 denote that Mi ^ M 2 and Mi ^ M 2 . Notice that — > is monotonia 
with respect to the preorder ^, i.e, if Mi — ► M2 and Mi ^ M3 then there is an M4 such 
that M 2 ^ M 4 and M 3 — ► M 4 . 

Next we define a partial order ^ on the set of regions. 

Definition 2.5. Let R = (bo, b\ . . . b m , 6 m +i) and R' = (co, c\ . . . q, q + i) be regions. Then, 
R H R' iff there is a strict monotone injection g : {0, . . . , m + 1} — > {0, ...,/ + 1} with 
g(0) = and g(m + 1) = I + 1 and < c 9 (j) for each i : < i < m + 1. We let i? -< i?' 
denote that i? ^ i?' and R ^ R' . 

The order H on regions agrees with the order < on markings. 

Lemma 2.6. For regions R and R' , if R < R' then for each M € |i?],M' € {R'J, we have 
M r< M'. 

Proof. Directly from Def. O and Def. □ 

Lemma 2.7. Given a TPN and a region R, the upward closure \RJ' w.r.t. < zs the same as 
the upward-closure w.r.t. < Formally, {Rf := {M \ 3M' G [i?].M' < M} = {M | 3M' G 
Ji2].M' H M} 

Proof. The C inclusion is trivial, since M' < M implies M' ^ M. To prove the 5 inclusion 
let M' G [i?] and M' ^ M. Then, by definition of ^ there exists some marking M" s.t. 
M" < M and M" = M'. It follows from M' G \R\ and the definition of = that M" G 
Thus M is also in the first set. □ 

The following Lemma shows that the < preorder on regions of Def. 12.51 is compatible 
with the < preorder on markings. Thus (sets of) regions can be used as a canonical rep- 
resentation of upward-closed sets of markings, provided that they are closed under =. We 
define the upward closure of a region w.r.t. -< by R \ := \R! \ R -< R'} and generalize the 
definition of the denotation from regions to sets of regions in the standard manner. So we 
define {R]} := Um*W 

Lemma 2.8. Consider a region R of a TPN and the preorder ^ on markings and regions 
as defined in Def. {KM Then {Rf = {R]j. 

Proof. If R is the empty region then the equivalence holds trivially. For the rest assume 
that R is not empty. If M G [i?] T then there exists a marking M' < M s.t. M' G {Rj, by 
Lemma O It follows that R = R M > < Rm =■ R' and thus M G {R'j C 
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If M £ {R T] then there exists some region R' with R < R' and M G [R'\. Pick 
some marking M' £ {Rj. By Lemma ESI we get M' <M. Thus we obtain M € {Rf by 
Lemma 12.71 □ 

One can symbolically represent certain upward-closed sets of markings as the upward 
closures of finite sets of regions. 

Definition 2.9. A Multi-region upward closure (MRUC) a is represented as a finite set of 
regions a := {R±, ■ ■ ■ , R n } where each Ri is a region. This represents an upward closed set 
of markings [a] defined as follows. 

[«]:= (J \Rif 
i=l,...,n 

Note that, by Lemma [M [a] = Ui=i,..., n P 2 itl- 

Lemma 2.10. Multi-region upward closures (MRUCs) are effectively closed under union 
and intersection. 

Proof. The union operation is trivial, since for MRUC a, (3 we have [a] U [/3] = [a U j3J. 

For the intersection operation consider two MRUCs a := {Ai,...,A n } and (3 := 
{Bx,...,B m }. Then 

H n IP} = [J [A] T n IBjV 

l<i<n, l<j<m 

Thus it suffices to show that for any two regions A, B one can construct a MRUC inter (A, B) 
s.t. {inter(A, B)] = {Af n {Bf . Given this, one can express the intersection as a new 
MRUC U i<i<n,i<j<mi n tsr{Ai, Bj), since 

inter (Ai,Bj) 

l<j<n, l<j<m 

We construct the MRUC inter (A, B) for given regions A, B. Let A — {oq, a\ai . . . a n , a max ) 
and B = (b , hb 2 • . . b m , b max ). 

Intuition: For the multisets ao,6o and a max ,b max constructing the minimal requirements 
for the intersection of their upward-closures is simple. It is just the maximum, i.e., the 
multiset union (see Def. 12.11 for multisets), and we have aj n frj = (ao U &o)^ (similarly for 

ttmax ) bmax ) • 

The sequences of multisets a±a2 ■ ■ ■ a n and 6162 • • • b m represent orderings of the frac- 
tional parts of the ages of tokens in those multisets. However, the fractional part of a\ could 
be smaller, equal to, or larger than the fractional part of b\, &2> etc. All of these cases must 
be considered. If two multisets aj, bj represent the same fractional part, then the minimal 
requirement for markings in the upward-closure of the intersection is the maximum, i.e., the 
multiset union of a, and bj. Otherwise they must appear individually in the proper order 
of the fractional parts. 

Construction: Formally, let F be the set of all injective, strictly monotone increasing 
functions / : {1, . . . , n} — > {1, . . . , n + m} and G the set of all injective, strictly monotone 
increasing functions g : {1, . . . , m} — > {1, . . . ,n + m}. (Note that F and G are finite.) These 
functions are normally not surjective and we define R(f) := /({l,...,n}) and R(g) ■= 
g({l, . . . , m}). For any f € F and g € G we define a sequence of multisets 

s(f,g) ■= cic 2 . . .c n+m 



H n [/3] = 
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such that for any i G {1, . . . , n + m} 

• If i G R(f) (~1 R(g) then 3j, k. i = f(j) = g(k). Let a := a,j U o fc . 

• If i G and i ^ -R(o) then 3j = f~ l (i). Let q := a,j. 

• If i ^ and j G i?(<?) then 3/c = a _1 («). Let c, := 

• Else q := 0. 

For each /, g, the sequence of multisets s(/, 5) describes a possible interleaving/combination 
of the sequences a\ . . . a n and b\ . . .b m . However, s(f, g) might contain some empty multi- 
sets, which must be removed in order to satisfy the requirements for regions (see Def. 12.311 , 
Given a sequence of multisets x\ . . . Xk, let e(x\ . . . Xk) be the subsequence where all the 
empty multisets have been removed. 
We can now define the MRUC 

inter(A, B) := [J {(a Ub ,e(s(f,g)),a max Ub max )} 

f£F,geG 

Proof of correctness: We show that this construction satisfies the required property 
\inter(A,B)] = lA]ln[B]l. 

Let M G [inter(A, B)]. Then there exist / G F,g G G s.t. M G {(a U b ,e(s(f, g)),a max U 
b m ax)V ■ Since a\,...,a n is a subsequence of e(s(f,g)) and ao C ao U bo and a max C 
Q"max U b max we get [A]|T = [(a , aia2 . . . a n , a ma3; )]^ 5 [(ao U 6o ; e ( s (/i Omax U 6 m ax)F- 
Therefore, M G [LA] ■ By a symmetric argument (with a and b interchanged) we obtain 
M G \Bf. So finally we get M G [Af n [5]l 

Now we show the other inclusion. Let M G \A^ n [-B]^. There exist markings M\ < M 
and M 2 < M with M 1 G [A] and M 2 G {Bj. Since Mi,M 2 are markings, they are 
multisets of (timed) tokens and we can define a new marking M' as their multiset union 
(see Def. EE]) by M' := Mi U M 2 and obtain M' < M. Now there exist functions / G F 
and g G G, expressing the relative orders of the fractional parts in M\ and M 2 , s.t. M' G 
[(a U b ,e(s(f,g)),a max U 6 maa! )]. It follows that M G [(o U b ,e(s(f,g)),a max U 6 mox )] T 
and thus M G [inter (A, B)\. □ 

We define functions Pre and Posi on sets of markings S such that Pre(S) and Post(S) 
are the one-step predecessors and successors of markings in S, respectively. Formally, 
Pre{S) := {M | 3M' G S.M — ► M'} and Post(S) := {M \ 3M' G S. M' — ► M}. By 
replacing the transition relation with its reflexive-transitive closure we obtain the sets of all 
predecessors and successors, respectively. Formally, Pre* (5) := {M | 3M' G S.M — + M'} 
and Posf(S) := {M \ 3M' £ S.M' ^ M}. 

The following lemmas show that for TPN and multi-region upward closures (MRUC) 
S, one can effectively construct the sets Post(S), Pre(S) and Pre*(S) as MRUC. 

Lemma 2.11. ( , [ADMN04j ) Let S be a set of markings which is represented as the upward- 
closure of a finite set of regions, i.e., a MRUC. Then the set Post(S) is effectively con- 
structible as a MRUC. 

The construction for Pre*{S) is done by the classic technique of successive construction 
of Pre- n (S) for larger and larger n (all of which are upward closed and representable by 
MRUC) which eventually converges to Pre*(S) by Higman's Lemma |Hig52| , because ^ is a 
well-founded preordering on regions. (The correctness is implied by the compatibility of the 
preorder ^ on regions with the order < on markings, i.e., Lemma 12.71 and Lemma 12.81 ) A 
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proof can be found in [AJ98J and a more general result (for the more expressive formalism 
of 'existential zones') has been shown in [ANOlj . 

Lemma 2.12. Let S be a set of markings which is represented as the upward- closure of 
a finite set of regions, i.e., a MRUC. Then the sets Pre(S) and Pre*(S) are effectively 
constructible as MRUC. 

Finally, it is known that, for TPN, the set Post*{S) cannot be effectively constructed in 
any symbolic representation with a decidable membership problem, since the reachability 
problem is undecidable |RGdFE99] . 



3. Zenoness 

A zeno-computation of a timed Petri net is an infinite computation that has a finite delay. 
Zenoness-Problem 

Instance: A timed Petri net N, and a marking M of N. 

Question: Is there an infinite M-computation tt and a finite number m s.t. A(tt) < m ? 

We consider a timed Petri net N. A marking M is called a zeno-marking of N iff the 
answer to the above problem is 'y es '- 

Note that the zeno-computation tt can be either a disc-computation or a time-computation, 
depending on whether the first transition is discrete or timed. 

We let ZENO denote the set of all zeno-mar kings of N. More generally, we define 

ZENO m := {M | 3 an infinite computation tt.M —> A A(vr) < m} 

Thus ZENO = U m > ZENO m . 

The decidability of the zenoness-problem for timed Petri nets (i.e., the problem if M G 
ZENO for a given marking M, or, more generally, constructing ZENO) was mentioned in 
[dFERAOO] by Escrig, et.al. as an open problem for both discrete and dense-timed Petri 
nets. In this section, we show that for any TPN, a characterization of the set ZENO can 
be effectively computed. We also show that this implies the computability of ZENO for 
discrete-timed Petri nets. 

The following outline explains the main steps of our proof. 

Step 1: We translate the original timed Petri net N into an untimed simultaneous- 
dis joint-transfer net N'. Simultaneous-disjoint-transfer nets are a subclass of trans- 
fer Petri nets [Hei821 IFSOlj where all transfers happen at the same time and do 
not affect each other (i.e., all sources and targets of all transfers are disjoint). The 
computations of N' represent, in a symbolic way, the computations of N that can 
be performed in time less than 1 — 5 for some predefined < 5 < 1. 

Step 2: We consider the set INF of markings of N', from which an infinite compu- 
tation is possible. INF is upward-closed and can therefore be characterized by the 
finite set INF m i n of its minimal elements. While INF m i n is not computable for gen- 
eral transfer nets [DJS 99, M a y03| , it is computable for simultaneous-disjoint-transfer 



nets, as shown in Lemma 13.411 
Step 3: We re-interpret the set INF (resp. INF min ) of N' markings in the context 
of the timed Petri net N and construct from it a characterization of the set ZENO, 
described by a multi-region upward closure (MRUC) (see Def. I2.9[) . 
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To simplify the presentation, we first show Step 1 and Step 3. Then, we show how to 
perform Step 2. 

3.1. Step 1: Translating TPNs to Simultaneous-Disjoint-Transfer Nets. 

First we define simultaneous- dis 'joint-transfer nets. 

Definition 3.1. Simultaneous-disjoint-transfer nets (short SD-TN) are a subclass of trans- 
fer nets. A SD-TN N is described by a tuple (P,T, Input, Output, Trans) where 

• P is a set of places, 

• T is a set of ordinary transitions, 

• Input, Output : T —> 2 P are functions that describe the input and output places of every 
transition, respectively (as in ordinary Petri nets), and 

• Trans describes the simultaneous and disjoint transfer transition. In order to emphasize 
the simultaneous operation of the transfers, we define Trans as a single transition with 
many effects, rather than as a set of transitions. We have Trans = (I, O, ST) where 
I C P, O C P, and ST CPxF, Trans consists of two parts: (a) I and O describe the 
input and output places of the Petri net transition part; (b) the pairs in ST describe the 
source and target places of the transfer part. Furthermore, the following restrictions on 
Trans must be satisfied: 

- If (sr, tg), (sr' , tg') G ST then sr, sr', tg, tg' are all different and {sr, tg} fl (/ U O) = 0. 

Let M : P — > N be a marking of N. We use < as the ordering on the set of markings 
(Section [2j). The firing of normal transitions t G T is defined just as for ordinary Petri nets. 
A transition t G T is enabled at marking M iff \/p G Input (t). M(p) > 1. Firing t yields the 
new marking M' where 

M'(p) = M{p) if p G Input{t) n Output[t) 

M'(p) = M{p) - 1 if p G Input(t) - Output (t) 

M'(p) = M(p) + 1 if p G Output(t) - Input(t) 

M'(p) = M(p) otherwise 

The transfer transition Trans is enabled at M iff Vp G I. M(p) > 1. Firing Trans yields the 
new marking M' where 

M'{p) = M{p) if p G / n O 

M'[p) = M(p) - 1 if p G I - O 

M'{p) = M (p) + 1 if p G O - I 

M'(p) = if V-(P,P0 G ST 

M'[p) = M(p) + M(p') if (p',p) G ST 

M'{p) = M{p) otherwise 

The restrictions above ensure that these cases are disjoint. Note that after firing Trans all 
source places of transfers are empty, since, by the restrictions defined above, no place is 
both source and target of a transfer. 

We use M — ► M' to denote that M' is reached from M either by executing an ordinary 
Petri net transition t G T' or the transfer transition Trans. 



In the following, sometimes we use transfer transition to mean simultaneous-disjoint 
transfer transitions. 
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3.1.1. Construction of SD-TN from a TPN. For a given TPN N = (P,T, In, Out) we con- 
struct a SD-TN N' = {P' ,T' , Input, Output, Trans). The intuition is that N' simulates 
symbolically all computations of N which can happen in time < 1 — 5 for some predefined 
1 > 5 > 0. First we show how to construct the places of SD-TN. Then we show how to 
simulate a discrete transition of N by a set of transitions of N'. Finally, we show how 
to simulate timed transitions of N by simultaneous-disjoint-transfers and a set of normal 
discrete transitions as in ordinary PNs. 

We let max be the maximal finite constant that appears in the arcs of the TPN. We 
define a finite set of symbols Sym := {k \ k G N, < k < max} U {k + | fc G N, < k < 
max}L){k — \ k G N, 1 < k < max} and a total order on Sym by k < k+ < (k+1) — < (k+1) 
for every k. 



3.1.2. Constructing places of SD-TN. We let P' = {p(sym) \ p G P, sym G Sym}, i.e., 
for every place p G P of N we have a set containing places of the form p(sym) such that 
sym G Sym. The set P' is finite, since both P and sym are finite. 

A token in place p(k) encodes a token of age exactly k on place p. A token in p(k+) 
encodes a token in place p of an age x which satisfies k < x < k + 5 for some a-priori 
defined < 5 < 1. This means that the age of this token cannot reach k + 1 in any 
computation taking time < 1 — 5. A token in p(k—) encodes a token in p whose age x 
satisfies k — 1 + 5 < x < k and which may or may not reach age k during a computation 
taking time 1 — 5. For instance, given 5 = 0.6, a TPN token (p, 1.5) is encoded as p(l+) 
while another TPN token (p, 2.7) is encoded as p(3—). The SD-TN tokens p(k),p(k+) and 
p{k—) are called symbolic encodings of the corresponding TPN token (p,a). 

In particular, the age of a p{k—) token could be chosen arbitrarily close to k, such that 
its age could reach (or even exceed) k in computations taking an arbitrarily small time. 

3.1.3. Translating Discrete Transitions. First we define a function enc : Intrv -» 2 Sym as 
follows. 

enc([x : y]) := {sym € S'ym | x < sym < y} 
enc((x : y]) := {sym G iSym | x < sym < y} 
enc([x : y)) := {sym G Sym \ x < sym < y} 
enc((x : y)) := {sym G ^ym | x < sym < y} 

For instance, enc([l : 2]) = {1,1+, 2-, 2} and enc([l : 2)) = {1,1+, 2-}. We say that 

enc(I) is the encoding of interval T. By the definition above, the bound oo is encoded as 

max+, i.e., enc([l : oo)) = {1, 1+, 2—, 2, . . . , max, max+}. 

For every transition t G T in the TPN iV, we have a set X"(t) of new transitions in N'. 

The intuition is that the transitions in T'(t) encode all possibilities of the age intervals of 

input and output tokens. 

Example 3.2. Consider the TPN in Figure [3l part 1. The only (discrete) transition t has 
an input arc from place p labeled [0 : 1] and two output arcs both labeled [0 : 0] to places p 
and q, respectively. The translation of this transition into its corresponding SD-TN would 
yield 4 different transitions in T'(t) with output arcs to both places p(Q) and q(0), and input 
arcs from places p(0) , p(0+) , p(l— ) or p(l), respectively, as shown in Figure[3l parts 2. (a), 
2.(b), 2.(c), and 2.(d). 



DENSE-TIMED PETRI NETS 



15 




Figure 3: Simulating (1) t in TPN by (2) a set T'(t) consisting of 4 transitions in 2. (a), 
2.(6), 2.(c) and 2.{d). 

Example 3.3. Consider the TPN in Figure 01 part 1. The only (discrete) transition t has 
an input arc from place p as in Figure O part 1., but the output arc to place q is labeled by 
the interval [0 : 1]. This will yield the 16 different transitions in T'(t), shown in Figured! 
part 2., since enc([0 : 1]) = {0,0+, 1-, 1}. 

Each transition t of TPN N yields a set T'(t) of transitions in the corresponding SD-TN 
N'. Each transition in the set T'(t) is of the form t'(A, B) where A and B are the set of input 
and output places of t'(A,B) respectively, i.e., Input (t' (A, B)) = A and Output(t' (A, B)) = 
B. In the following, for each transition t in TPN, we compute a set Vi n (t) (V ou t(t)) which 
contains the set of input (output) places for each transition in T'(t). 

For every t £ T, consider the set of input arcs Aj n (t) = {pi(Xi), . . . ,p m (l m )} and the 
set of output arcs A out (t) = {p'i(Ji), • • • ,Pe(<Ji)}- Now, we define V% n {t) Q 2 P where each 
element in Vi n (t) is a set A of places and is given by 

A = {piisymx), . . . ,Pm.{sym m )} 

where sym i € enc(Tj) for i : 1 < i < m. Intuitively, each set A in Vi n (t) corresponds to a 
unique combination of encodings of input tokens of t in N. 

For every t £ T we define V ou t{t) Q % P m a similar manner. We define V ou t(t) where 
each element in V ou t(t) is a set B of places and is given by 

B = {p'i(sym[), . . . ,p' e (sym' e )} 

where sym^ £ enc{Ji) for i : 1 < i < I. Similarly, each set B in V ut(t) corresponds to a 
unique combination of encodings of output tokens of t in N. 

We define T'(t) := {t'(A,B) \ A £ Vi n (t), B £ V out (t)} and finally V := \J teT T'(t). 

Example 3.4. Consider the example in Figure El Here, In(t,p) = [0 : 1], Out(t,p) = [0 : 
0], In(t,q) = and Out(t,q) = [0 : 0}. We have enc([0 : 1]) = {0,0+,l-,l} and enc([0 : 
0]) = {0}. Then V in (t) = {{p(0)} , {p(0+)} , {p(l-)} , {p(l)}} and V out {t) = {{q(0)}}. 
The four transitions in Figure El 2 are given by t'({p(0)} , {q(0)}), t'({p(0+)} , {q(0)}), 
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2. 

Figure 4: Simulating (1) t in TPN by (2) a set T'(t) consisting of 16 transitions. (For 
readability, these 16 transitions are listed individually, rather than in a combined 
net.) 



t'({p(l-)},{g(0)}) and t'({p(l)},{q(0)}), respectively, 
transitions. 



T'it) consists of the above four 



3.1.4. Translating Timed Transitions. So far, the transitions in T' only encode the discrete 
transitions of N . The passing of time will be encoded by a sequence of transitions, including 
one use of the transfer transition. Our construction must ensure the following properties. 

• We need to keep discrete transitions and time-passing separate. Therefore, we must first 
modify the net to obtain alternating discrete phases and time-passing phases. 

• Time-passing phases must not directly follow each other. They must be separated by at 
least one discrete transition. 

Our SD-TN is extended and modified in several steps. 

(1) First we add three extra places p disci Ptimel and pu m e2 to P' which act as control-states 
for the different phases. (The time-passing phase has two sub-phases). The construction 
will ensure that at any time there is exactly one token on exactly one of these places. 

(2) Normal transitions can fire if and only if pdisc is marked. Thus we modify all transitions 
t G T' by adding pdisc to Input (t) and Output (t). 

(3) We add an extra place p CO unt to P' which counts the number of fired discrete transitions 
since the last time-passing phase. Thus we modify all transitions t G T' by adding 
Pcount to Output (t). This is needed to ensure that time-passing phases are separated 
by at least one discrete transition. A new time-passing phase can only start if p C ount is 
non-empty, and p count will be cleared of tokens during the time-passing phase. 
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(4) Now we add a new transition t switch-time which starts the time-passing phase. We define 
Input (t sw itch- time) = {p disc, P count} and Output(t sw itch-time) = {Ptimel}- It can only fire 
if Pcount is marked (thus time-passing phases cannot directly follow each other) and 
moves the control-token from Pdisc to ptimel ■ (Note that p CO unt is not necessarily empty 
after this operation, since it might have contained more than one token. The place 
Pcount will be cleared later by the transfer transition.) 

(5) If the control-token is on ptimel then the transfer transition Trans is the only enabled 
transition. It encodes (in an abstract way) the effect of the passing time on the ages of 
tokens. After an arbitrarily small amount of time < 1 passes, all tokens of age k have 
an age > k. This is encoded by the simultaneous-disjoint transfer arc, which moves all 
tokens from places p(k) to places p{k+). Furthermore, it will move the control-token 
from place ptimel to place pumeS- Finally, it needs to clear the place p count of tokens. To 
do this, we add a new special place Pdump (which is not an input place of any transition; 
the number of tokens on Pdump is semantically irrelevant) and transfer all tokens from 
Pcount to Pdump- Formally, Trans := (I,0,ST) where I := {ptimel}, O := {ptim.es}, 
and ST := {{p(k) , p(k+)) | < k < max} U {(p count, Pdump)}- Note that the transfer 
transition Trans is enabled even if no tokens are present on the places p(k). 

(6) Now the control-token is on place ptime2- Next we add two new sets of transitions to 
T", which encode what happens to tokens of age k— when (a small amount < 1 of) time 
passes. Their age might either stay below k, reach k or exceed k. Notice that we do 
not need to do anything in the first case. 

• For every k E {1, . . . , max} we have a transition with input places ptime2 and p(k-) 
and output places ptime2 an d p(k). This encodes the second scenario. 

• Furthermore, for every k 6 {1, ... , max} we have a transition with input places ptime2 
and p(k-) and output places pu m e2 and p{k+). This encodes the third scenario. 

(7) Finally, we add an extra transition t sw itch-disc with input place ptime2 and output place 
Pdisc , which switches the net back to normal discrete mode. 

Note that after a time-passing phase the only tokens on places p(k) are those which came 
from p(k—), because all tokens on p(k) were first transferred to p(k+) by the transfer 
transition. Furthermore, the place p C ount is empty after a time-passing phase, and thus 
^■switch-time is not immediately enabled. At least one discrete transition must fire before 
the next time-passing phase. Therefore, every infinite computation of the SD-TN N 1 must 
contain infinitely many discrete transitions. 

Convention: Since the number of tokens on place Pdump is semantically irrelevant, we will 
ignore this place in the rest of our proof. It was only introduced for technical reasons to 
empty Pcount by the transfer, since we do not have reset-arcs, but only a transfer arc. 

Example 3.5. In Figure we simulate the timed transitions of a TPN with a single place 
p and max = 1. The transition t sw itch-time starts the time-passing phase by moving the 
token from Pdisc to ptimel and consumes one token from p C0U nt (thus it cannot fire if p C ount 
is empty). The transfer transition is described by the dotted line and the transfer arcs are 
shown as thick arrows from the source of the transfer to the target of the transfer, namely 
from p(0) to p(0+) and from p(l) to p{l+). The place p CO unt is cleared by moving all its 
tokens to the (otherwise unused) place Pdump ■ The Petri net part of a transfer (input from 
Ptimel and output to Ptime2) is shown as ordinary arcs. The transitions t\ and £2 move a 
token from p{l— ) to p(l) and to p(l+), respectively, if there is a token in pu m e2- Finally, 
tswitch-disc moves the token from pu m e2 back to pdisc and ends the time-passing phase. 
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Figure 5: Simulating a time-passing transition in a TPN for time < 1 — 5, by the corre- 
sponding SD-TN. 



3.2. Step 3: Constructing ZENO. 

ZENO as a MRUC. 



In this section, we show how to compute the set 



Definition 3.6. Let iV be a TPN and N' = (P\ T' , Input, Output, Trans) the corresponding 
SD-TN, defined as in Subsection 13.11 

• We say that a marking M' of N' is a standard marking if M'(pdisc) = 1 an d M'(ptimel ) = 
M'(j>time2) = and M'(p count ) = 0. (It follows that a computation from a standard 
marking cannot start directly with a time-passing phase.) Let Q be the set of all markings 
of N' and O' the set of all standard markings of N'. 

• We denote by INF the set of all markings of N' from which infinite computations start. 
Since INF is upward-closed in f2 with respect to < and < is a well-quasi-ordering, INF 
can be characterized by its finitely many minimal elements (see also Lemma l3.18p . Let 
INF m i n be the set of minimal elements (markings). 

• Let INF' and INF' min be the restriction to standard markings of INF and INF m i n , re- 



spectively. I.e., INF' := INF n fi' and INF' m 



INF min n Q'. The set INF' is not 



upward-closed in f2. However, by the following Lemma 13.71 INF' is the upward-closure 
of INF' min in Q'. Thus INF' can be characterized by the finite set INF' min of its minimal 
elements. 

Lemma 3.7. INF' is the upward- closure of INF' in in $7'. 



Proof. Let X := {M' G Q' | 3M G INF' m 
W. We need to show that INF' = X. 



M' > M} be the upward-closure of INF' min in 
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The inclusion X C INF' holds trivially, by monotonicity of SD-TN and the fact that 
all markings in X are standard markings. 

Now we show the other inclusion INF' C X. Let M' G INF' = INF n 9!. Since 
M' G INF, there exists some marking M G INF min such that M < M'. Since M G MF, it 
follows from the definition of /ATP and the construction of the SD-TN N' that M(pdi S c) + 
M(pti m ei ) + M(pti me 2) > 1, i.e., at least one of these places must be marked or there cannot 
be an infinite run. Since M' G 0,' we have M'{p^ sc ) = 1 an d M'(ptimei) = M'(ptimes) = 
M'(p count ) = 0. Therefore, by M < M', we have that M(p disc ) = 1 and M(p timel ) = 
M{p time2 ) = M{p count ) = and thus M G Q,' . So we obtain M G INF mm nO' = W min . 
Since M' G fi' is a standard marking and M' > M, we finally obtain M' G X as required. Q 

The following definitions establish the connection between the markings of the timed 
Petri net N and the markings of the SD-TN N' . 

Definition 3.8. For every 5 with < 5 < 1 we define a function intg ■ (P X IR- ) — > (P' — » 
N) that maps a marking M of to its corresponding marking M' in iV'. M' := intg(M) is 
defined as follows. Let 



M'(p(k)) 
M'(p(k+)) 


= M((p,k)) 


for k G N, 


< k < max. 




for fe G N, 


< k < max — 1 


M'(p(max+)) 
M'(p((k + 1)-)) 

M'{p timel ) 

M'(ptime2) 
M'(p coun t) 








= Ek+S<x<k+1 M ((P> X )) 


for k G N, 


< k < max — 1 


= 1 






= 






= 






= 







Note that M' = int$(M) is a standard marking according to Def. 13.61 

For instance, for a TPN marking M = [{p, 1), (p, 0.5), (p, 0.95), (p, 1.9), (p, 2.1), (p, 3.9)] and 
max = 2,5 = 0.8 we obtain int$(M) = \p(l) , p(0+) , p(l—) , p(2—) , p(max +) , p(max+) , pdisc]- 

The intuition is as follows. In an infinite computation it starting at M with A(-7r) < 1—5, 
no TPN token {p, x) with k < x < k + 6 can reach age k + 1 by aging. This is reflected in N' 
by the fact that p(k+) tokens are not affected during the time-passing phase. On the other 
hand, TPN tokens (p, x) with fe + <5<x<A; + l can reach an age > k + 1 by aging. This 
is reflected in N' by the fact that p((k + 1)—) tokens can become p(k + 1) or p((k + 1)+) 
tokens during the time-passing phase. 

The following lemma establishes a correspondence between fast disc-computations of 
the TPN (i.e., starting with a discrete transition; see Section [2]) and computations of the 
SD-TN. 

Lemma 3.9. Consider a TPN N with marking Mq, the corresponding SD-TN N' con- 
structed as above, and < 5 < 1. If there exists an infinite Mq- disc- computation ir 
such that A(7r) < 1 — 5 then there exists an infinite ints (Mq) -computation it' in N' , i.e., 
int s (Mo) G INF'. 
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Proof. We show that for every infinite Mo-disc-computation tt of the form 



M - 


Mq 1 - 


> D Ml - 


*D ■ 


. . M no 


Mi — 


~>D M\ - 


> D Ml - 


> D ■ 


. . M™ 1 


M 2 ... 











with rij > 1 and A(tt) < 1 — 5, there is a corresponding infinite computation in N' of the 
form 

int So (M ) — ► ^(M^ + ^^j — ► mi ao (M 2 )+{p 2 cow J — ► . . . mt ao (K°)+{iCmJ 
rot^Mi) — ► ^(M^ + ^^t} — ► ^(M^+^^J — . . . zn^Mf ) + &„*} 
int 52 (M 2 ) . . . 

with (Jo = <5 and for all i, 1 > 5i+i > 5i. Let 7Tj be the infinite suffix of it starting at Mj. The 
values of 5. L will be defined such that A(7Tj) < 1 — (The condition > 5i is required, 
because A(7Tj + i) < A(7Tj).) 

For every discrete transition step M? — >d M/ +1 there exists a transition step in N' 
of the form int Si (Mp + {p^J *nt 5i (M/ +1 ) + {pj^}, where (it G T'(t) by the 

construction in Section 13.1,11 and Def. 13.81 Note that the functions intg. always return 
standard markings (with no tokens on place p count)- However, in the computation of the 
SD-TN, the number of tokens on p CO unt represents the number of steps since the last time- 
passing phase. 

For every timed transition step M™' — > Xi Mj + i we have 8i+\ = Si + Xi < 1. By 
the construction in Section 13.1.11 and Def. 13.81 there is a sequence of transitions in N' (the 
encoding of the time-passing phase) of the form m^(M" 4 ) + {p^ unt } — — ► ints i+1 (Mi+i). 
The time-passing phase can start at ints^M™*) + {p n c l unt }, because n{ > 1, i.e., there 
is at least one token on place p C ount- Note in particular that if some token (p,x) with 
k + 5i<x<k + l reaches an age equal to (or greater than) k + 1 in the transition from 
M" j to Mj_|_i then its encoding p((k + 1)—) can be transformed into a token p{k + 1) or 
p((k + l)+) in the time-passing phase of N'. Furthermore, all tokens in M™' with fractional 
part are transformed into tokens with a strictly positive fractional part in Mj + i, since 
X{ > 0. In N' this is encoded by the fact that all p{k) tokens become p(k+) tokens in the 
time-passing phase. Finally, all tokens are removed from p C0U nt i n the time-passing phase. 
Thus the resulting marking ints i+1 (Mi+i) is a standard marking again. □ 

The reverse implication of Lemma l3.9l does not generally hold. The fact that ints(M) G 
INF for some marking M of a TPN iV does not imply that there is an infinite M- 
computation in the corresponding TPN. The infinite int,5(M)-computation in N' depends 
on the fact that the p(k-) tokens do (or don't) become p(k) or p(k+) tokens at the right 
step in the computation. For example, in an infinite computation taking time 0.5, two 
different TPN tokens (p, 0.8) and (p, 0.9) are both interpreted as p(l— ) in N'. However, 
(p, 0.8) cannot become (p, 1) by aging unless (p, 0.9) becomes (p, 1.1), while their symbolic 
encodings p(l— ) can become p(l) or p(l+) in any order. 

To establish a reverse correspondence between markings of N' and markings of iV we 
need the following definitions. 
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Definition 3.10. Consider a TPN N = (P,T,In, Out). Let N 1 be the corresponding SD- 
TN with places P' = {p(sym) \ p G P, sym G Sym} U {pdiscPtimel ,Ptime2,P count] and a 
standard marking M' : P' — > N. Let M'~ , M' + be the sub-markings of M' defined as 
follows. 

• M'-(p(k-)) = M'(p{k-)) for each place of the form p(k-) in P'; M'~ (p(k+)) = and 
M'~ (p(k)) = for each place of the £orm p(k+) andp(A;) in P', respectively. M'~(p x ) = 

for any p x G {pdiscPtimel , P time 2, P count}- 

• M' + (p(k+)) = M'(p(k+)) for each place of the form p{k+) in P'. But M' + (p(k-)) = 
and M /+ (p(fc)) = for each place of the form p(k-) and p(k) in P' , respectively. 
M' + (p x ) = for any p x G {p disc, Ptimel ,Ptime2,P count}- 

Let perm{M'~) be the set of all words 

w- = bi • ... • 6 n G ((P x {0, . . . , max - l}) - {0})* 

such that for allp and k < max we have that M'~(p((k+1)— )) = + - • - + b n ((p, k)). 

Similarly, let perm(M' + ) be the set of all words 

w + = bi • ... • b n G ((P X {0, ... , max - 1})° - {0})* 

such that for all p and k < max, we have M' + (p((k)+)) = bi((p, k)) + . . . + b n ((p, k)). 

Intuitively, perm(M'~) describes all possible permutations of the fractional parts of (the 
ages of) tokens in a TPN marking M which are symbolically encoded as p(k—) tokens in the 
corresponding SD-TN standard marking M'. Note that several different tokens can have 
the same fractional part. Similarly, the set perm{M' + ) describes all possible permutations 
of the fractional parts of (the ages of) tokens in a TPN marking M which are symbolically 
encoded as p(k+) tokens in the corresponding SD-TN standard marking M'. 

Example 3.11. Let max = 1. Consider M' = [p disc ,p(l),q{l+),p(Q+),q(l-),q(\-)]. 
Then perm(M'-) = {[(<?, 0)] • [(g,0)] , [(<?, 0), (q, 0)]} and perm(M'+) = {[(p,0)]}. Notice 
that q(l+) does not belong to perm(M' + ), since max = 1. 

Every standard marking M' of the SD-TN defines a set of TPN markings, depending 
on which permutation of the fractional parts of the ages of the p{k— )-encoded tokens and 
p(fc+)-encoded tokens is chosen. 

Definition 3.12. Let N' be a SD-TN. For every standard marking M' : P' — > N we define 
a multi-region upward closure (MRUC) Reg(M') as follows. The MRUC Reg(M') contains 
all regions Reg(M' ,w+,w-) of the form (bo,w + • W-,b max ), where bo((p,k)) = M'(p(k)) 
for all p and all k < max, w + G perm(M' + ), w_ G perm(M'~) and b max (p) = M'(p(max+)) 
for all p. 

Example 3.13. Consider M' = \p disc ,p(l),q(l+),p(0+),q(l-),q(l-)] and sets perm (M'+), 
perm(M'~) of Example 13.111 Reg(M') consists of the 2 regions shown in Figure El 

Next we show how an infinite disc-computation of the SD-TN corresponds to a zeno 
computation in the TPN which starts with a discrete transition. 

Lemma 3.14. Let N be a TPN with corresponding SD-TN N' and M' G INF'. Then 

3w- G perm(M'-).\/w + G perm(M /+ ). {Reg(M', w+, w_)f C (J ZENO 1 - 6 C ZENO 

<5>0 
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Figure 6: Reg(M') = {Ri,R 2 } 



Proof. Since M' G INF', there is an infinite M'-computation w' = M' ->■ M[ ->■ . . . . 

The first transition in ir' is a discrete transition, since M' is a standard marking. The 
computation tt' contains a (possibly infinite) number of time-passing phases (where the 
control-token shifts to the place Ptimei and then Ptimez) PPPii tpP2i ■ ■ ■ ■ Now consider the 
original p(k—) tokens in M 1 which become p{k) tokens or p(k+) tokens in the i-th time- 
passing phase tpp i . Other tokens which were newly created during the computation ir' are 
not considered here. (They will be treated differently; see below). Let cti be the multiset 
of p(k—) tokens in M' which become p(k+) tokens in tpp i and /3, the multiset of p{k— ) 
tokens in M' which become p(k) tokens in tpp^ (Note that this does not happen by the 
transfer transition, but by normal transitions in second part of the time-passing phase, 
where the control-token is on place ptime2-) We have cti,(3i < M'~, but not necessarily 
Sj g N( a i + Pi) = M'~, because p(k—) tokens can also be used by normal transitions in the 
discrete phase or never become p(k) or p(k+) tokens at all. Let 7 := M'~ — Sj g fsj(aj + 
Since M'~ is finite, there exists a smallest number m such that on + 0i = for all i > m. It 
follows that there exists an infinite suffix ir" of ir 1 such that in tt" no original p{k—) token 
of M' becomes a p(k) or p(k+) token. 

We define W- € perm(M'~) by u>_ := 7 • (3 m • a m • ■ ■ ■ • (3\ • ct\. 

We need to prove that 

Vw + G perm{M' + ). {Reg(M', w+, W-)f C [J ZENO 1 ' 5 

8>0 

For this it suffices to show that \Reg{M\ w+, W-)] C \J S>0 ZENO 1 " 5 , because ZENO 1 ' 5 
is upward-closed. Now let w + G perm(M' + ) and let M G {Reg(M', w+, W-)J. We need to 
show that M G ZENO 1 " 5 for some 5 > 0, i.e., that there exists an infinite M-computation 
7r with A(7r) < 1 - 5. 

Since M G [Reg(M', w + ,W-)j there exists a 5 with < 5 < 1 and int s (M) = M'. By 
our assumption above, M' G Z/VF' is a standard marking where an infinite computation 
tt' starts. The computation %' begins with a normal transition (not a time-passing phase), 
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since M' is a standard marking. Based on this tt' , we now construct an infinite M-disc- 
computation tt with A(tt) < 1 — S. 

A crucial feature of the construction of this particular M-disc-computation tt is the 
order of the fractional parts of the ages of tokens. While this order is given for the tokens 
already present in M, it can be chosen conveniently (i.e., as needed) for those tokens which 
are newly created during tt. The main ideas for this construction are the following: 

• Since A(tt) < 1, for any token it can happen at most once during tt that it reaches the next 
higher integer age by aging. In particular, initially present tokens which are interpreted 
as p(k-) may age to p{k) or p{k+), but not to p((k + 1)—) or higher during tt. 

• All time intervals on transition arcs in the timed Petri net have integer bounds (see 
Section [2]). Thus one can have intervals like (1 : 4] or [2 : 7), but not [1.3 : 2.1]. This 
means that if a token is newly created during tt then the fractional part of its age can be 
chosen nondeterministically arbitrarily closely to the next higher integer. For example, 
if a token is created by an output arc labeled [1 : 2) then its age could be 1.7, 1.9, 1.99, 
or 1.99999, etc. Consider an already existing token with an age whose fractional part 
is a nonzero value x. Now another token is newly created, and let y be the fractional 
part of its age. Then all cases y < x, y > x and y = x are possible, e.g., y = x/2 or 
y = x + (l — x)/2, or y = x. This means that the newly created token could reach the next 
higher integer age before, after, or at the same time as the old token, depending on which 
value y is chosen. For each of these scenarios there is a computation in with the fractional 
part y is chosen to implement it. In general, for any permutation of the orders of the 
fractional parts of the ages of newly created tokens (w.r.t. already existing tokens and 
each other), there is some computation in which their ages are chosen to create this order. 
Of course, this only applies to tokens which exist at the same time in the net during the 
computation tt, not those who are created (directly or indirectly) by each other. 

The computation tt has the form M — >£> Mj 1 — > Mj 2 — > . . . where the sequence {jijigN 
is a subsequence of 1,2, . . . (it skips the intermediate steps in the time-passing phases of 
tt') and Mj. = int 5 ..(M k ) + {p n count } (for some n > 0) and 5 h = 5 + A(M — > M h — ► 
Mj 2 — > . . . — > Mj t ). (The first transition in tt is a discrete transition, since also the first 
transition in tt' is one.) 

For every simulation of a discrete transition of N in tt' (i.e., not in the time-passing 
phase) of the form M[ — > M' i+l where M[ = int$ t (Mi) + {p™ ount } (for some n > 0) there 
is a corresponding discrete transition in tt of the form Mi — >£> Mj + i where <5j+i = 5i and 
M' i+1 = int Si+1 (M i+1 ) + {p^ount}- This follows directly from Def. EZQ (Note that the extra 
parts with {p™ ount } and {p"owi*} are necessary. For technical reasons, the SD-TN counts the 
number of discrete transitions since the last time-passing phase, while the functions intsi 
always return standard markings without tokens on p CO unt-) 

Now we consider the i'-th time-passing phase for 1 < i' < m. (Recall the definition 
above that m is the index number of the last time-passing phase where original p(k—) tokens 
of M' change into p(k) or p(k+) tokens. The remaining case of i' > m will be considered 
later.) For every sequence of transitions M[ — — » Ml in tt' representing the i'-ih. time-passing 
phase there is a corresponding single time-transition in tt of the form Mi — > £ ., Mi, where 
M[ = int Si (Mi) + {p n count } (for some n > 1), S t = Si + e v and M{ = int h {Mi). (Note 
that M[ must contain at least one token on p CO unt for the time-passing phase to start there 
and thus n > 1. On the other hand, M[ is a standard marking, since it is reached at 
the end of a time-passing phase and thus does not contain any tokens on p coun t-) The 
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delay ey is chosen as By := 1 — fy where fy is the fractional part of the age of those 
tokens in Mj which are mapped to (5y by intg.. This ensures that in this timed transition 
the right tokens (of those originally present in M) reach (those mapped to (3y) or exceed 
(those mapped to ay) the next higher integer age. For the other tokens of Mj, which were 
newly created during tt we can arbitrarily choose the values of their fractional parts, i.e., 
for every combination of these values there is a possible computation which implements it. 
Thus one can assume that these fractional parts are conveniently chosen such that they do 
(or don't) reach (or exceed) the next higher integer age, just as required by the condition 
intg, (Mi) = M!. Since intg(M) = M', only those tokens in M with a fractional part > 5 
were mapped to p(k—) tokens in M' and only those tokens can reach (or exceed) age k in 
tt. Therefore it follows from our choice of the By for i! < m that Y^f=i £ j' < 1 — Thus 
we get A := (1 — S) — J2T=i e *' > 0- (The quantity A will be used to determine the By for 
i' > m.) 

Now we consider the z'-th time-passing phase for i' > m. These are the time-passing 
phases in the infinite suffix tt" of tt' mentioned above. For them, it works like the case 
above, except that the delays By do no longer depend on the initial marking M, because 
a i' + Pi' = for i' > m - As shown above, none of the original tokens of M are involved 
in these i'-th time-passing phases for i! > m. The only tokens involved in this (reaching 
or exceeding the next higher integer age in this phase) are tokens newly generated in tt 
(which have an age greater than 5 and are mapped to p(k—)). As explained above, the 
fractional parts of their ages can be chosen conveniently (i.e., as needed) such that they 
reach or exceed the next higher integer age exactly as required for the correspondence with 
the computation tt' . In particular, their ages can be chosen arbitrarily close to the next 
higher integer age such that the required delays By (for i' > m) can be made arbitrarily 
small. We choose By := (A/2) * T~ % for i' > m. 

So we obtain A(vr) = Ei'eN 6 *' = Ei<i'< m ^i' + Ei'> m < Ei<i'< m £ i' + X / 2 < 
Ei<i'< m + A = 1 - S. Thus A(vr) < 1 - 5 and M G ZENO 1 ' 6 , as required. □ 

Now we describe the algorithm to compute the set ZENO as a multi-region upward 
closure. The algorithm computes a MRUC Z, given by Definition 13.151 and we prove in 
Lemma EE! and Lemma EE2 that \Z\ = ZENO. 

Definition 3.15. Let TV be a TPN with corresponding SD-TN N'. 

Z:= |J |J p| Pre*({Reg(M',w + ,w^}) 

M'£lNF' min w + £perm(M'+) «j_eperm(M'-) 

3.3. Proof of Correctness. We need to show that Z is effectively constructible and that 
\Z\ = ZENO. 

The constructibility of Z requires the following steps. 

• The set INF' min is finite and effectively constructible. This will be shown in Subsection l3.41 

• For any M' € INF' min the sets perm(M' + ) and perm(M'~) are finite and effectively 
constructible. This follows directly from Definition 13.101 and the finiteness of M' . 

• Since Reg(M' , w+,w-) is a region, we can interpret {Reg(M', w+, W-)} as a MRUC. Then 
Pre* ({Reg(M' , w + , w_)}) can be effectively constructed as a MRUC by Lemma 12.121 
(Note that Pre* is computed w.r.t. the relation — > = — >s U — >d which includes both 
timed- and discrete transitions. Thus the zeno-computations starting from markings in 
\Z\ may also start with a timed transition.) 
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• By Lemma l2.10[ the finite union and intersection operations on MRUC are computable 
and yield a MRUC Z. 

Now we show that \Z\ = ZENO. 
Lemma 3.16. [Z\ C ZENO. 

Proof. Let M G \Z\. Then there is an M' G INF' min and a sequence w+ G perm(M' + ) such 
that M G [n^_ eperm(M ,- ) Pr e *({ J Re 9 (M / ,u; + ,u;_)})]. 

We choose the sequence w_ G perm(M'~) according to Lemma 13.141 and so obtain 
M G \Pre*({Reg(M' , w + ,w-)})} and \Reg{M\ w+, w-)f C Thus M G ZENO, 

since Pre* {ZENO) = ZENO. □ 

Lemma 3.17. Z£M) C [Z]. 

Proof. Let M G ZENO. By the definition of zeno-marking, there exists an infinite M- 
computation 7r and a finite number m such that A(-7r) < m. It follows that there exists 
an infinite suffix of n that takes only < 1/2 time. Thus there exists a marking Mi such 
that M — ^ Mi and an infinite Mi-computation tt\ with A(-7ri) < 1/2. Since Mi contains 
finitely many tokens and 7Ti is infinite, there exists an infinite suffix of n\ such that none 
of the original tokens of Mi is used in this infinite suffix (although some might still be 
present; these are represented by M4, see below). Since every infinite computation must 
contain infinitely many discrete transitions (see Section [2]) , there exists an infinite suffix of 
this infinite suffix of tt\ which starts with a discrete transition. 

Thus there exist markings M2, M3 and M4 and a finite computation iT2 such that 

• Mi 3 M 2 = M 3 + M 4 

• All tokens in M3 were created during tt2- 

• There is an infinite M3-disc-computation tt^ with A(7r27r3) < 1/2, and thus A^) < 1/2. 
Let M3 := int 1/2(^3)- Then we have M3 G INF by Lemma [3.9| since 7r3 is an infinite disc- 
computation. From Definition 13.121 we have that there are permutations w+ G perm{M'^ r ) 
and W- G perm(Mg~) such that M3 G {Reg(M{ i ,w+,w-)}. 

Since M3 G INF and INF' is upward-closed (in 0'; see Def. 13. 6p . there exists a marking 
Mg G INF' min such that Mg < M3. Therefore M(( + < M!+ , Mg~ < M'f and perm{Mg + ) C 
perm{M'^ r ) and perm(Mg~) C perm(M^). 

This means that there also exist permutations u>^ G perm(Mg + ) with u;^ iu + 
and u/_ G perm(Mg~) with u/_ w_ (see Def. 123} and thus {Reg(Mg, w' + , u/„)l T 2 
[i?e5(M^, w + ,w- )] T . It follows that M 3 G [i2eff(M^, u> + , «;_)] C [Reg{M^ w + , w_)l T C 

Now consider all those tokens in M3 which are mapped to p{k—) tokens in M3, i.e., 
those with a fractional part of their age which is > 1/2. These tokens (like all others in 
M3) were all created during TT2 and none of them had an integer age during tt2, because 
A (^2) < 1/2. Thus, the fractional parts of their ages are totally independent and any 
permutation is possible, i.e., for any permutation there is a computation which implements 
it (for the reasons explained in the proof of Lemma 13. 141) . 

Therefore, for every w- G perm(Mg~) there is a marking in N such that 

• Mi M™- + M 4 

• M£- G [Reg(M^w + , ru_)]. 
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Since M3 < M3 we have that for every w'_ G perm(M^ ) there is a corresponding w~ G 
perm(M^) with w'_ < w u>_, i.e., w/ 



is the restriction of u>_ to M3 . It then follows from 



the property above that for every w'_ G perm(M^ ) there is a marking M 
s.t. 



M™ _ in iV 



Mi 



Mn " + M 4 



. M™- G [iMM3,<X-)] T - 

It follows that for every w'_ G perm(M^~) we have Mg 10 ^ + M 4 G \Reg(M'^ , w' + , w'_)p and 
thus Mi G Pre*({£e#(M3^tt4X_)}). Since M G Pre*{M 1 ) we finally obtain 

n ^({^(a^.tuvv-)}) 

£perm(M^'~ ) 

with M3 7 G /iVF' OTin and w' + G perm(M^ + ), and thus M G [Z]. □ 

By Lemma 13.161 and Lemma 13.171 we have that ZENO = \Z\ . It remains to show that 
INF' min is effectively constructible. 



3.4. Step 2: Computing INF' min . Computability of the set ZENO (in the last section) 
requires that the minimal elements of any upward closed set is effectively constructible. In 
this section, we show for any SD-TN, how to construct the set of minimal elements INF m i n 
of INF. Then INF' min is obtained by just restricting INF m i n to standard markings (see 
Def.ES]). 

For constructing INF m i n , we use a result by Valk and Jantzen |VJ85j . Our algorithm 
depends on the concepts of semi-linear languages, Presburger Arithmetic, Parikh's Theorem 
and Dickson's Lemma, described in the following. Recall that we use (v\, . . . ,v n ) or v 
interchangeably to denote a vector of size n. 

Lemma 3.18. (Dickson's Lemma |Dicl3| ) 

For every infinite sequence of vectors x[, x*2, ■ ■ ■ in N n there exists an infinite non- 
decreasing subsequence. In particular, there exist indices i,j with i < j s.t. x"i < Xj (< 
taken component-wise). 

3.4.1. Semilinear Sets. First we define linear sets. 

Definition 3.19. A set L C N n is called linear, if there exist vectors vq, v{, . . . , v^ G N n 
such that 

L = ^vo + Y]kiVi I fa,..., km gn| 
We denote this linear set by L = L(vq; %). 

Example 3.20. L((0, 0); (0, 2), (2, 0)) = {(0,0) + &i(0, 2) + k 2 (2, 0)| fa,k 2 G N} is linear. 

Definition 3.21. A subset of N n is called semilinear if it is a finite union of linear sets. 

Theorem 3.22. [Gin66j Semilinear sets are closed under union, intersection, complemen- 
tation and first-order quantification. 
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Next we define the Parikh mapping ip. Given a finite alphabet S = {a\, . . . ,a n }, ip 
is a function from X* to N n , defined by <p(w) = (# ai (w), . . . ,# a „(w)), where # Qi (w) is 
the number of occurrences of a, in it?. Thus 93(e) = (0, ... ,0) and ip{w\ • . . . • w m ) = 
YllLi <p( w i)- Finally, given a language LCE*, f{L) = W( w )\ w £ L}. If tp(L) is semilinear 
for a language L, then L is called a semilinear language. 

Theorem 3.23. (Parikh's Theorem) |Par66| <p(L) is effectively semilinear for each context- 
free language L. 

As a special case, Theorem l3.23l holds for regular languages, since every regular language 
is a context-free language |Par66j . 

Example 3.24. Let £ = {01,02,03}. 

Then ^(01020103020303) = (2, 2, 3) G L((2, 0, 1); (0, 1, 1)). 

Also, (p(ab*ca) = {(2, 0, 1) + n * (0, 1, 0)| n G N}. 

3.4.2. Presburger Arithmetic. Presburger arithmetic is the first-order theory of the inte- 
gers with addition and the ordering relation over Z, also denoted as (Z, <,+). Formally, 
Presburger arithmetic is the first-order theory over atomic formulae of the form 



where Oj,c are integer constants, Xj-s are variables ranging over integers and ~ is a com- 
parison operator, where ~G {=, 7^, <, <, >, >}. This means that a Presburger formula p is 
either an atomic formula, or it is constructed from the Presburger formulae p\ , P2 recursively 
as follows: 

p:=-.p! I p 1 Ap 2 I piVp 2 I 3xi.pi(xi, . . . ,x n ) 
where pi(x±, . . . Presburger formula over free variables xi, . . . ,x n and 1 < i < n. 

Theorem 3.25. (Presburger) [B A93] Presburger arithmetic is decidable. 

As a shorthand notation, we work with Z w = Zu{w} instead of the usual Z, where a; is 
the first limit ordinal. This is not a problem, since Presburger-arithmetic on Z^ can easily 
be reduced to Presburger-arithmetic on Z as follows. For every variable x one adds an extra 
variable x' which is used in such a way that the original state x = k < u is represented by 
(x,x r ) = (k,0) and the original state x = to is represented by (x,x') = (0, 1). It is easy to 
encode the usual properties like u + k = cj — k = u + u = u. 

Theorem 3.26. [G S66] A subset o/N n is semilinear iff it is definable in Presburger Arith- 
metic. 




Ki<n 



28 



P. A. ABDULLA, P. MAHATA, AND R. MAYR 



3.4.3. Result from Valk and Jantzen. 

We recall a result from |VJ85j . 

Theorem 3.27. (Valk & Jantzen |VJ85] ) Given an upward-closed set V C N fc , the finite 
set V m in of minimal elements of V is effectively computable iff for any vector u € the 
predicate u { fl V ^ is decidable. 

Proof. Assume that the minimal elements of V, denoted by V m i n can be computed. Then 
V = V m i n + N fc gives a semilinear representation of V. Since u J, is also a semilinear set, a 
representation of which can be found effectively, the predicate u [ fl V ^ is decidable. 

On the other hand, assume that the predicate is decidable for any vector u £ N^. The 
following method then effectively constructs V m i n . First start with a singleton set of vectors 
Wo := {(cj, . . . with k uj-s. Let W% be the set of vectors that we need to consider in 
the i-th iteration and V» the set of minimal elements found for V m i n in the i-th iteration. 
Initially Vo := 0. We let pred v (u) denote u [ n V ^ 0. We repeat the following. 
Stage 1: In this stage, we perform the following two loops sequentially. 
Loop 1: We choose some vector u from W{ and compute predy(u). If the value is 
false, then we remove u from W{. We get out of this loop if predy(u) is true or 
Wi = Q. 

After exiting from the above loop if Wi = 0, then V m i n = Vj and we stop the 
algorithm. Otherwise, pred v (u) is true; u [ contains at least one element of V m in 
and one such element will be found in the next loop. 
Loop 2: We repeat the following until all coordinates of u are considered. Choose 
some coordinate u(i) of u which has not yet been considered and replace u{i) in u 
by the smallest natural number such that predy{u) for this new vector is still true. 

The above computed new vector will then be an element of V m i n . So, we update 
V i+ i = Vj U {u}. 

Stage 2: Let the new found vector be u = (z±, . . . , Z)-). In this stage, we try to find 
other vectors in V m i n - We let 

Wi={{z' 1 ,...,z' k )eNt\ 3j:l<j<k:z , j = z j -l A Vm ^ j. z' m = u} . 

We update Wi+i := min(Wi, W-) where min(W, W') = (min(u, u')\ u £ W,u' G W'| 

and min of two vectors are evaluated component-wise. Then we increment the iterator by 
i := i + 1 and go back to Loop 1. □ 

3.4.4. Computing INF m i n for a Petri net. While a marking of a normal untimed Petri net 
(or a SD-TN) is a mapping M : P — > N (see Def . 13. 1[) , an w-marking is defined as a mapping 
M : P — > N w , where N u = N U {to}. In the following we work with w-markings, i.e., when 
we speak of markings these may be w-markings. 

For any Petri net let INF be the set of markings where infinite runs start, and 
INF m i n the finite set of minimal elements of INF, similarly as for SD-TN in Def. 13.61 We 
use the result of Valk and Jantzen to compute INF m i n for a Petri net. To apply this 
algorithm, we require the computability of the predicate M { n INF ^ (pred INF (M)) 
for any w-marking M. The decidability of this predicate was first shown in [BM99 ] . We 
include a description of this construction here (adapted to our notation), because the more 
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general construction for SD-TN in the next section is based on it and would be hard to 
understand without it. 

Definition 3.28. (Coverability graph) |KM69j 

Given a Petri net N (with k places) with initial w-marking Mq, the Karp- Miller coverability 
graph is a finite directed graph C = (G, — >) with G C N^, whose vertices are labeled with 
w-markings of N. It is constructed as follows. 

Starting from Mq, one begins to construct the (generally infinite) computation graph 
of N, i.e., the graph of reachable markings, connected by arcs representing fired transi- 
tions. However, if one encounters a marking M2 which is strictly bigger than a previ- 
ously encountered marking M\ (i.e., M2 > M\ and M2 ^ Mi) then one replaces M2 by 
M2 + u>(M2 — Mi). This describes the effect that by repeating the sequence of transitions 
between M\ and M2 one could reach markings with arbitrarily many tokens on those places 
p where M2(p) > M\(p). (Note that such sequences can be repeated because Petri nets are 
monotonic.) If one encounters the same w-marking as previously, then one creates a loop. 

It follows from Dickson's Lemma (see Lemma 13. 18j) that the generated graph is finite 
and the construction terminates. 

The following properties of the coverability graph follow directly from the construction 
(see |KMH9| ). 

Lemma 3.29. 

(1) For every marking M , reachable from the initial marking Mq, there is an uj-marking 
Mc in the coverability graph such that M < Mq. 

(2) For every uj-marking Mq in C, there are markings M reachable from M which contain 
arbitrarily large numbers of tokens in the places with u in Mc ■ 

(3) The arcs in the coverabiliy graph are induced by the transitions in the Petri net. If it 
is possible to fire some sequence of transitions from a marking Mc in the coverability 
graph, leading to a marking M' c , then there is a reachable marking M < Mc in the Petri 
net which can fire the same sequence of transitions, leading to a marking M' < M' c . 

Definition 3.30. (Effect Vector) To every transition t in a normal untimed Petri net 
with k places one can associate a vector v~t € Z fc which describes the effect of the transition 
on the markings of the net, i.e., the change in the marking caused by firing the transition. 
This means that if M\ M2, then M2 = M\ +Vf We call v~i the effect-vector of transition 
t. 

Lemma 3.31. [BM99] Given a Petri net N with k places and an uj-marking Mo £ 
where = N U {u>} and uj denotes the first limit ordinal (satisfying z + uj = z — lo = us for 
xGNj, it is decidable if Mq \ DINF ± 0. 

Proof. We show that if Mq \ n INF ^ then this condition will be detected by the following 
construction. Furthermore, we prove that the construction does not yield any false positives. 
Construction: 

Let C = (G, — ►) with G C N™, be the coverability graph of iV from the initial marking 
M , which is computable (see Def. E2Sand (KM69]). 

The main idea is to analyze the coverability graph C and look for a cycle s.t. the 
transitions fired in this cycle have a combined positive effect on the marking (and will thus 
be repeatable). It will be shown that such a cycle in C exists if and only if Mq j n INF 7^ 0. 
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First, for every u;-marking M in the coverability graph C, we compute a finite-state 
automaton Am as follows. 

• The transition graph of Am is the largest strongly connected subgraph of C containing 
M. 

• The initial state of Am is M. 

• Am has only one final state, which is also M. 

• Let / be the number of edges in Am- We label every arc in Am with a unique symbol Aj 
for i : 1 < i < I. To every symbol Aj, we associate the effect-vector (see Def. I3.30|) d € Z k 
that describes the effect of the transition that was fired in the step from one node to the 
other. 

Let L(Am) be the regular language (over alphabet {Aj 1 1 < % < I}) recognized by Am- The 
aim is to find a cyclic path in Am from a marking M back to M where the sum of all the 
effect-vectors of all traversed arcs is > 0. This cyclic path is not necessarily a simple cycle. 
The effect-vector of an arc that is traversed j times is counted j times. Such a cyclic path 
with positive overall effect is repeatable infinitely often and thus corresponds to a possible 
infinite computation of the system N. 

Given the automaton Am with M as its initial and the only final state, every word 
in L(Am) corresponds to a cyclic path from M to M. For any word w, let \w |a^ be the 
number of occurrences of Aj inw. The question now is if there is a word w € L(Am) such 
that 

Yl Ma.cI > o 

\<i<l 

Such words characterize loops starting and ending in the same node of the coverability 
graph. We show how to answer the above question in the following. 

• First we compute the Parikh image of L(Am), i-e., the set {(\w |a x , • • • , IHaJI w ^L(Am)}- 
This set is effectively semilinear by Parikh's Theorem. 

• By Theorem 13.261 we compute a Presburger formula p(x\, . . . , xi) from the semilinear 
set computed above. The variables x±,...,xi count the number of times each edge Aj 
appears in a word w 6 L(Am)- 

• Finally, to decide if Xa<i<« Ma^C? > 0, we check the satisfiability of p_4 = p(xi, . . . , x{) A 
Si<i<z x iCi — 0) which is again a Presburger formula. By Theorem 13.251 we can decide 
whether this formula is satisfiable. 

For every marking M in the coverability graph C (these are finitely many) we check this 
condition for the automaton Am and we say that Mq j DINF ^ is true if and only if the 
condition holds for at least one automaton -4m- 

Correctness: Now we show the correctness of the above construction. If Mq [ n INF ^ 
then there exists a marking M £ N fc with M < Mo and M € INF. Thus there exists an 
infinite M-computation tt. By Dickson's lemma, there are markings M', M" and a sequence 
of transitions Seq such that M -% M' — > Seq M" and M' < M" . Thus the total effect of 
Seq is non-negative. 

Now, from Lemma 13.291 we know that there is a w-marking Mq in the coverability 
graph such that M" < Mq- Due to monotonicity of the transition relation, there is a path 
labeled with transitions in Seq and which leads us from Mq to a u-marking larger than Mq - 
Repeating this process from the larger node will finally lead us to a node which is largest of 
all u;-markings larger than Mq. We will reach such a node MJP" ax , since the graph is finite. 
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This means that we can fire transitions in Seq from M™ aa: and we get back to M™ ax itself 
(since there are no u-marking larger than M™ ax in C and by monotonicity Seq leads to a 
larger or equal node in C). So, M™ ax — >seq M™®*, i.e., there are w-markings Mi, . . . , M n 
such that M^ ax — ► Mi — ► . . . — ► M n = M^ ax with effect-vectors such that 

J2i<i<n Ci — 0- This is the condition checked in our construction. 

To prove the other direction, suppose that there is a word w £ L(.Am c ) for some u- 
marking Mq in the coverability graph such that Yli<i<i \ w \Aid — 0- This means that there 
is a w-marking Mc from which there is a path (through a sequence Seq of transitions) 
back to itself with non-negative effect. From Lemma 13.291 we know that there are markings 
M' reachable from Mq which agree with Mc in its finite coordinates, and can be made 
arbitrarily large in the coordinates where Mc is uj. We can choose one such marking M' 
such that it contains enough tokens in those coordinates where Mc is to to be able to 
perform one iteration of Seq. Now, Seq has a non-negative effect. This means that one can 
repeatedly execute Seq starting from M' . The reachability of such an M' from Mq and a 
non-negative loop from M' implies the existence of an infinite Mo-computation. This means 
that M | n INF + 0. □ 




Figure 7: (a). A small Petri net, (b). Coverability graph for this net from (uj,u>,u>). (c) 
Automaton . 

Example 3.32. Consider the Petri net in Figure 0a) and the coverability graph (Fig- 
ure 0(b)) of the above Petri net from a w-marking M = (uj, oj, uj) where M(Q) = M(R) = 
M(S) = u>. We show that M | n INF ^ 0. The automaton produced for the single 
node in the coverability graph is shown in Figure 0(c) . Notice that Ai = t\ and A2 = £2- 
Also, the effect-vectors £1 and £2 show the effect of firing t\ and ti respectively. Notice that 
L(A {U ^) = {w\w& {ti.fc}*}. This means that y>(L{A (m) )) = L((0, 0); (1, 0), (0, 1)). 
Finally, we compute a Presburger formula p(xi,X2) for the above linear set and from it, 
construct the formula p(xi,X2) A x\C,\ + X2C2 ■> 0. One of the solutions of this formula is 
given by x\ = X2 = k for any natural number k. This means M J, n INF 7^ 0. 



Markings of a Petri net are written as multisets over places and vectors over the set of natural numbers 
interchangeably. 
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Figure 8: (a). Coverability graph from (0,uj,uj). 
Coverability graph from (0,0, 1). 



(b) Coverability graph from (0,0, uj). (c) 



Example 3.33. In the above, we show an example for computing pred INF (M) for an uj- 
marking M. Now we show how to compute INF m i n for the same Petri net using Valk 
and Jantzen's algorithm. We start with a single marking (uj,uj,uj). Immediately, we get 
out of Loop 1, since pred INF ((uj,uj,uj)) is true (as shown in Example I3.32p . In Loop 
2, one finds a minimal element in INF m i n . This is done by first reducing the first co- 
ordinate for Q in (uj,uj,uj) to 0. In Figure EJa), we show the coverability graph from 
(0, uj,uj). pred INF ((0,u,uj)) is true, since we reach a node (uj,uj,uj) in the coverability 
graph from (0,uj,uj) and pred INF ((uj, uj, uj)) is already shown to be true in the previous 
example. Then we replace the uj in place R to and compute the coverability graph for 
(0,0,0;) in Figure MJd). pred INF ((0, 0, uj)) is true again by the same reasoning. Notice that 
pred INF ((0, 0, 0)) is false. So, finally we show the coverability graph from marking (0,0,1) 
in Figure EUc) and pred INF ((Q,0, 1)) is true. Thus (0,0, 1) is included in INF m i n . 

In Stage 2, we have Wq = {(uj,uj,0)} and W\ = min({uj , uj , uj) , (oj,oj,0)) = {(uj,uj,0)}. 

Now we go to Loop 1 again. From Figure E|a), it is evident that pred INF ((uj,uj,0)) 
is true. Now, we again perform Loop 2. We find that pred INF ((0, uj, 0)) is false, but 
pred INF ((l, uj, 0)) is true (the coverability graph from 0) is shown in Figure[9jb)). We 
show the coverability from (1,0,0) in Figure [He) and it follows that pred INF ((l, 0, 0)) is 
true. Thus (1,0,0) is another member of INF m i n . 

In Stage 2, we have W[ = (0,uj,uj) and W2 = min((0,uj,uj), (uj,uj,0)) = (0,uj,0). Now 
pred INF ((Q, uj, 0)) is false and Wi = and the construction terminates. Thus INF m i n = 
{(0,0,1), (1,0,0)}. 



3.4.5. Computing INF m i n for SD-TNs. 



To compute INF m i n for SD-TNs, we will use Valk and Jantzen's Theorem 13.271 again. 
This algorithm requires a decision procedure for the predicate Mq j PiINF 7^ for any 
given uj- marking M € N£ for an SD-TN. First we construct a coverability graph for a 
given SD-TN. We need the following definitions and notational conventions. 
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(u, UJ, to) 



(a) 





(c) 

Figure 9: (a). Coverability graph from (u>,u>,0) (b). Coverability graph from 0). (c) 
Cover ability graph from (1,0,0). 



Definition 3.34. By Def. 13.11 of SD-TN, the source places and target places of transfers 
are disjoint and thus after a simultaneous transfer all source places are empty. We call a 
marking an 'after transfer marking' (AT-marking) if it is reached just after firing Trans. 
We represent markings as vectors in N fe of the form (transfer source places, other places). 
So AT-markings have the form ( , ~v) with € N fc ' and 1? S N fc " with k = k' + k" where 
k' is the number of transfer source places. The corresponding markings in the coverability 
graph C are called ui- AT-markings and have the form ( , ~v) with £ '. 

First we show that the coverability graph for SD-TN can be effectively constructed 
(Lemma 13. 35 p . then we prove that this graph satisfies the required properties (Lemma l3.36p 
and finally we give an example. 

Lemma 3.35. For any SD-TN N with initial marking Mq, the coverability graph can be 
effectively constructed. 

Proof. We use w-markings from (where k is the number of places). One proceeds from 
Mq similarly as in the Karp-Miller construction ( [KM69] ; sec also Def. I3.28H except for the 
transfer arc. The detection of loops is done slightly differently in the two cases (with and 
without the transfer arc). 

(1) Loop without transfer arc: If one encounters the case M\ — >seq M2 with 

• Mi < M 2 , 

• Seq is a sequence of transitions of iV such that the transfer arc was not used in Seq, 
then we replace M2 by M2 + co(M2 — M\) as in the case of Petri nets. Notice that 
loM = M' such that M'(p) = uj for all place p with M(p) > 0. Obviously, Seq can be 
repeated arbitrarily often to yield an arbitrarily high number of tokens on the places 
where M2 is strictly larger than M\. 

(2) Loop containing transfer arc: Let M\ and M2 be two markings reached just after trans- 
fers, i.e., — ► Trans M\ — > Seq M{ — > Trans M2 (where Seq may contain other transfers). 
We call such markings u- AT-markings (AT for 'after transfer'). If M\ < M2 then we 
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replace M2 by Mi-\-u){Mi — Ml). The sequence of transitions — >seq — >Trans can be re- 
peated arbitrarily often to yield arbitrarily high numbers of tokens on the places where 
M2 is strictly bigger than Ml. This is possible, because in SD-TN the set of places 
which are sources of transfers and the set of places which are targets of transfers are 
disjoint by Def. 13.11 Thus the transfers in — >seq — > Trans do not negatively affect those 
places p where M\(p) < M^ip). This point does not carry over to general transfer nets. 
In particular, all transfer-target places, once marked by u in this construction, will stay 
u) in the future. Furthermore, all transfer source places are empty after the transfer, 
since all transfers are simultaneous. 

(3) If one reaches an w-marking encountered before, then one creates a loop. 

It is easy to show that the so-generated coverability graph is finite. Assume the contrary, 

i.e., that there is an infinite sequence Mq, M\, ... of different nodes in the coverability graph. 

Now, there are two cases. 

• In this infinite sequence, there is only a finite number of occurrences of the transfer 
transition Trans. Suppose M r was the last marking produced by transfer transition. 
Consider the sequence M r +i, M r +2, . . .. This sequence is still infinite. By Dickson's 
lemma (Lemma 13. 18[) . any such infinite sequence of markings of the SD-TN contains an 
infinite non-decreasing subsequence. Since, by our assumption above, all markings M, are 
different, this subsequence must be strictly increasing. Thus, in our construction above, 
it would happen infinitely often that a place is marked by ui which previously had only 
held a finite number. However, since the infinite suffix M r+ i, M r+ 2, ■ ■ ■ does not contain 
any transfer, all places marked u> stay at uj. This yields a contradiction, since there are 
only finitely many places in the net. 

• There is an infinite number of markings produced by the transfer transition Trans, which 
appear in the sequence Mq, Mi, .... We take the subsequence Mq, M[, ... of Mq, Mi, . . . 
such that each marking M[ for i > is a marking produced by the transfer transition (i.e., 
an w-AT-marking) . Since there are infinitely many transfer transitions in the sequence 
Mo, Mi, . . ., the sequence Mq, M{, ... is also infinite. Now, like the previous case, we will 
always find a strictly increasing subsequence of Mq,M{, .... Thus, by the construction 
above, we would infinitely often introduce the number u> into some places of the net. 
However, this could only happen to places which are not sources of transfers, since all 
source-places of transfers are marked zero in cj-AT-markings. Since those places marked 
by uj are not sources of any transfers, they will always remain marked u. (Here we 
require the specific property from SD-TN. This does not hold for general transfer nets, 
where a target place of one transfer could be the source place of another.) This yields a 
contradiction, because there are only finitely many places in the net and uj could not be 
introduced infinitely often as required above. 

Since our assumption above led to a contradiction in both cases, the opposite must be true, 
i.e., the generated coverability graph is finite. □ 

Remark: Notice that if a place p is a source of a transfer transition, then M±(p) < Mj(p) 
does not in general imply that p may eventually contain an arbitrarily high number of 
tokens. This is due to the fact that the loop may contain a transfer transition which will 
remove all tokens from p. 

Lemma 3.36. 
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(1) For every reachable marking M from the initial marking Mq in an SD-TN, there is an 
uj-marking Mq in the coverability graph such that M < Mq. 

(2) For every to-marking Mq in C, there are markings M reachable from Mq which contain 
arbitrarily large numbers of tokens in the places with u in Mq ■ 

(3) The arcs in the coverability graph are induced by the transitions in the SD-TN. If some 
sequence of transitions if possible to fire from a marking Mq in the coverability graph, 
leading to a marking M' c , then there is a reachable marking M < Mq in the SD-TN 
which can fire the same sequence of transitions, leading to marking M' < M' c . 

Proof. The proof is similar to the correctness proof of the Karp-Miller algorithm for ordinary 
Petri nets |KM69j . 

(1) First, for every computation path staring at Mq in the SD-TN there is a corresponding 
path in the coverability graph constructed in Lemma 13.351 Furthermore, markings are 
only replaced by larger w-markings in the coverability graph. By the monotonicity of 
SD-TN, the first result follows. 

(2) By the construction of the coverability graph for SD-TN in Lemma 13.351 values u> can 
be introduced in two ways: by encountering an increasing loop without transfer arcs or 
an increasing loop with transfer arcs. 

In the first case, the loop can simply be repeated arbitrarily often to yield arbitrarily 
high numbers of tokens on the increasing places (marked by u in the coverability graph) , 
because of the monotonicity of the net, just as for ordinary Petri nets. 

In the second case, new u are only introduced for increasing loops between w-AT- 
markings, i.e., loops of the form — >Tmns (0, v) — >seq M\ — >Trans (0, if) where if > v. 
Since the source places of transfers are all marked in these markings, no ujs are 
introduced to them here. (However, source places of transfers may aquire u (either 
permanently or just temporarily until the next transfer) by ordinary Petri nets loops in 
the first case described above.) By the special restrictions on transfers in SD-TN (unlike 
in general transfer nets) the places marked by vectors v, 'if which may aquire cj here 
are never the source of any transfer. Thus the loop — >seq — Trans can be repeated 
arbitrarily often to yield markings with arbitrarily high numbers of tokens on those 
places where if is strictly larger than v. 

(3) The third property follows directly from the definition of the coverability graph. 

Remark 3.37. It follows directly from Lemma 13.351 and Lemma 13.361 that place-bounded- 
ness is decidable for simultaneous-disjoint transfer nets, while it is undecidable for general 
transfer nets |D JS991 [May03l . 



Example 3.38. Consider a small SD-TN shown in Figure fTUlfa). In Figure fTOT b) . we show 
the coverability graph C from a marking M = (2, 0, 0) of SD-TN where M(pi) = 2, M(p2) = 
and M(p3) = 0. We omit the transfer arcs in the coverability graph if the source place 
of transfer does not contain a token. Notice that Trans = (0, 0, {pi,Pz)) and (0,0,2) and 
(0,uj,uj) are the only w-AT-markings in C. 



3.4.6. Computing pred INF for SD-TNs. 

Now that we can compute the coverability graph for SD-TN, we continue to develop 
the algorithm for deciding the predicate pred INF , i.e., deciding if Mq [ HINF ^ for any 
given uj- marking Mq € N* for an SD-TN. 
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Trans 




(a) (b) 
Figure 10: (a) A small SD-TN. (b) Coverability graph C for this net. 

Lemma 3.39. Given an SD-TN N with k places and an u)-marking Mq € it is decidable 
if Mq I n INF / 0. 

Proof. First we give an algorithm to detect the non-emptiness of the intersection Mq [nlNF. 
Let C = (G, —>) with G C be the coverability graph of N from initial marking Mq. An 
infinite computation ir from a marking M in Mq [ is detected as follows. There are two cases. 
Either there are finitely many or infinitely many transfers in such an infinite computation. 

• In the first case, the transfer transition Trans is used only finitely often and tt has an 
infinite suffix tt' which starts at some marking M' and only normal Petri net transitions 
are used in tt'. Since M — —> M', there is a node Mc in C such that M' < Mq- To 
find out whether there is a positive effect of such cycles consisting of ordinary Petri net 
transitions, we let N' be the ordinary Petri net obtained from iV by removing the transfer 
transition Trans. So it' is an infinite M'-computation of N'. Let INF N > C N fc be the 
(upward-closed) set of markings from which infinite computations of N' start. So we 
have Mq j H INF^' ^ 0- In fact, we consider each w-marking Mq £ G and detect the 
presence of an infinite computation with just ordinary Petri net transitions if the following 
condition (Condi) holds. 

(Condi) 3M C G G. M c | n INF N > + 

This is a problem about ordinary Petri nets and it has already been shown to be decid- 
able (Lemma 13.311) . Deciding (Condi) requires only finitely many calls to the decision 
procedure in Lemma 13.31} because G is finite. 

• In the second case, the transfer transition Trans is used infinitely often in tt. Recall that 
in Lemma 13.311 we construct automata from the coverability graph, for each of its nodes 
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and associate an effect-vector with each edge of such an automaton. In this case, the 
presence of transfer transitions in the cycles of SD-TNs does not let us follow such a 
procedure directly. This is due to the fact that the effect of the transfer depends on the 
amount of tokens in the source places of the transfer and that is not a constant number. 

In this case, first we compute the effect- vectors between two w-AT-mar kings A4,M' 
in the coverability graph such that Ai' is reachable from Ai. For any pair of w-AT- 
markings A4,A4' £ G we can effectively construct a semilinear set Effect(Ai, Ai') C Z fe 
which represents all possible effects of sequence of transitions of the form Seq. Trans 
with Ai — >seg — ► Trans -M-' where Seq is a sequence of transitions which does not contain 
Trans. This is done as follows. First, we compute the semilinear sets Effect' (Ai, X) C Z fc 
for all X G G such that X 

— > Trans ■M! in the coverability graph C and Ai — ► X 
without using Trans. The sets Effect' (Ai, X) are semilinear and effectively constructible, 
by computability of Presburger-arithmetic and its equivalence with semilinear languages 
(Theorem l3.26p . This is due to the fact that C is a finite graph whose arcs are labelled with 
constant vectors in Z fc and the Parikh-image of regular languages is effectively semilinear. 
This means that one can consider Ai as the initial- and X as the final state of a finite 
automaton A. Each edge in A is labelled by a unique symbol A and there is an associated 
effect-vector £ for the effect of the transition by that edge. Let p(x\, . . . , x\) be the 
Presburger formula for the Parikh-image of L(A) where I is the number of edges in the 
coverability graph. A valuation of the variable Xi for i : 1 < i < I gives how many times 
the symbol Aj appears in a word in L(A). Given k as the number of places in SD-TN, 
we have Effect' (Ai, X) given by a Presburger formula 

Px{yi,---,Vk) = 3x 1 ...,xi.p(x 1 ,...,x{) A f\ yi= ^2 Xj(j(i) 

l<i<k l<j<l 

Secondly, we obtain Effect(Ai, Ai') as a Presburger formula by introducing the effect 
of transfers {Trans = (1,0, ST)) as follows. Consider the set X containing w-markings 
X such that Ai ——> X — > Trans Ai' . For each I £ X, we compute a Presburger formula 

p" x (z x ,..., z k ) = 3yi,...,y k . (px{yi, ■ ■ ■ ,Vk) A p' x {yi, . . . , y k , zi, . . . , z k )) 

where p' x {yi-> ■ ■ ■ > Vki z i-> ■ ■ ■ > z k) is a conjunction of the following formulae. 

• Vjif '■ (Pj'iPj) G ST.Zj = yj + yy A zy = 0. Here, ST is from Def. 13.11 This 
corresponds to a transfer from place p,/ to place pj whenever (pj',Pj) € ST. 

• \/pj £ I.Zj = yj — 1 A Vpj G O.Zj = yj + 1. This corresponds to Petri net part 
of transfers, since / contains places from which there is an input arc to the transfer 
transition and O contains places from which there is an output arc to the transfer 
transitions. 

• Vj-(Pj ^ ST A pj G" / U O) =^> Zj = yj. Here pj ST is used to mean that there are no 
pairs (p, q) £ ST, such that pj = p or pj = q. This means that there is no change in 
the number of tokens at the other places. 

Finally the effect Effect(M, Ai') = \J XeX p' x (zi, . . . , z k ). By Theorem 13.251 we can 
compute a semilinear set from the Presburger formula given above for E ff ect (Ai, Ai'). 

Now we construct a new finite graph C = ((?',—>) as follows. G' C G is the set of 
w-AT-markings in G. For M,Ai' G G' we have Ai — >■ Ai' in C iff M — > Seq » — > Trans Ai' 
in C where Seq" does not contain Trans. The arc between Ai and Ai' is labeled with (a 
symbolic Presburger-arithmetic representation of the semilinear set) E ff ect (Ai, Ai'). 



38 



P. A. ABDULLA, P. MAHATA, AND R. MAYR 



We check the following condition (Cond2). 

(Cond2) 3n e N. Mo, • • • , M n € G'. Mq — > Mi —> > M n = Mq. 

n-l 

3Ut E Effect(Mi, M i+ i). «i > "0 

i=0 

Note that the Mi above do not need to be disjoint. 

Now we show how to check the condition (Cond2). We transform the graph C', whose 
arcs are labeled with semilinear sets Effect (M,M') into a new equivalent graph C" whose 
arcs are labeled with constant vectors. Since Effect(M, M') is effectively semilinear, it 

can be represented as a finite union of linear sets of the form L(ui;wj, . . . ,w™ 1 ) where 
i : 1 < i < m and m > 1. C" contains the nodes of C and some additional nodes: 

• if there is an edge between two nodes M, M! labeled by Effect(M, M') (of the above 
form) in C' , we add new nodes M\ for % : 1 < i < m in C". 

Also, for any pair of nodes M,M' in C, labeled by \J l<i<m L(ui;wl, . . . -,w™ % ), we have 
the following arcs in C" . For each i : 1 < i < m, we have 

• an edge from M to M[, labeled by Ui. 

• edges from M\ to M' { , labeled by w\ for j : 1 < j < m. 

• an edge from M\ to M! , labeled by 0. 

Let C" = (G" , —*) be the graph obtained in this way. We get immediately that the 
following condition (Cond3) holds for C" iff (Cond2) holds for C' . 

(Cond3) 3neN.M ,...,M n eG". 

71-1 

(M *Mi*... v *?M n = Mo) A ^^>"0 

i=0 

The condition (Cond3) is decidable, since C" is a finite graph and by Parikh's theorem 
|Par66j the Parikh-image of regular languages is effectively semilinear. (Just interpret 
C" as a finite automaton and try out any Mq € G" as initial and final state.) Then we 
proceed as in Lemma 13.311 Thus (Cond2) is decidable. 

Example 3.40. In Figure [TlT a) we show C obtained from C of Figure [TDT b) with edges 
labeled by their Presburger-arithmetic representation. We have Effect({0, 0, 2), (0,w,u;)) = 
{(0,l ) 0) + fci(0,l,0)+fc 2 (0,-l,l) I k u k 2 € N} and Effect((0,u,u),(0,u;,u;)) = {(0,-1,1) + 
/ci (0,1,0) + ^(O, — 1,1) I ki,tt2 S N}. (Note that the transfer moves all tokens from the 
first component to the third component.) In Figure [TlT b). finally we show the graph C" 
obtained from C in Figure [TlT a). 

Correctness of the above constructions: Now we show the correctness of the above 
two constructions (by using Lemma |3.36|) . 

• Firstly, we show that (Condi) is sufficient and necessary for the existence of an infinite 
Af-computation tt with finitely many transfers for some M < Mq. 

Suppose there is an infinite M-computation tt with finitely many transfers. Then tt 
has an infinite suffix tt' , starting at some marking M' which uses only ordinary Petri 
net transitions. Since N' is obtained by removing transfer transitions, tt' is an infinite 
M'-computation of N' . This implies that Condi holds for N' (Lemma I3.31f) . Since the 
coverability graph for N' is a subgraph of that for N, Condi also holds for N. On the 



DENSE-TIMED PETRI NETS 



39 



(0,0,2) 

Effect((0,0,2),(0,uj,uj)) 

I 



(0,1,0) 



(0,0,0) 



(0,0,2) 
(0,1,0) 

. (0,0,2)! 

(o,o, 0)| 

(0,£J,£j) 

(0,-1,1) 



(0,-1, i; 



Effect((0,oo,oo),(0,u;,u;)) 




(0,1,0)0 O(o,-i,i) 



(a) (6) 
Figure 11: (a). Graph C derived from C in Figure HUTb). (b) Graph C" derived from C 



other hand, from Lemma f3.31l we have that if Condi holds for N' , then there is an infinite 
M'-computation. Since M M', we have an infinite M-computation in N. 
• Secondly, we show that (Cond2) is sufficient and necessary for the existence of an infinite 
M-computation with infinitely many transfers for some M < Mq. 

If Cond2 is satisfied (i.e., there is a sequence Seq of transitions with non-negative 
effect), then there exist markings M < Mq where Mq G C and M' < Mq such that 
M — > M' (by definition of C,C',C" and Lemma such that M' is large enough to 

perform Seq once from M' . Now, Seq has a non-negative effect, therefore one can keep 
on repeating Seq resulting into an infinite M'-computation. This implies that there is an 
infinite M-computation. 

Now we show the other direction. Assume that there is some M G N fc with M < Mq 
and M G INF and some infinite M-computation ir which uses Trans infinitely often. 
Thus it contains infinitely many AT-markings. Thus, by Dickson's Lemma (Lemma I3.18| 
|Dicl3j ). there is a computation (possibly containing several transfers) where M — — > 
( ,xi) — >seq ( ,xq) with X2 > Thus the total effect of the sequence Seq is non- 
negative. From Lemma 13.361 it follows that there exists an w-AT-marking Mq G G with 
Mq > (0 ,£2)- In fact there exists a largest such Mq (as in case of Petri nets, see 
Lemma 1331]) such that we have Mq — >seq Mq in C. So, Effect(Mo,Mo) > . The 
sequence Seq can be decomposed into Seq = Seq 1 Seq 2 ■ ■ ■ Seq n with Mi — >seq i Mi+i for 
1 < i < n — 1 and M n = Mq. Here {Mq, . . . , M n } is the set of w-AT markings visited 
in Seq. In other words, each Seqi contains the transfer transition only once at the end. It 
follows that A^o — ¥ M\ ■ ■ ■ — » M n = Mq is a cyclic path in C 1 and vt G Effect(Mi, Mi+i) 
and X^r=o u i = Eff ec t(-M-o, M n ) > . Therefore the condition (Cond2) is satisfied. 
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Altogether we obtain that M | n INF ^ iff (Condi) or (Cond2) is satisfied. (It is 
possible that both (Condi) and (Cond2) are true.) Since both conditions are decidable, we 
obtain decidability of M [ n INF / 0. □ 

Lemma 3.41. For any SD-TN N' the set INF' min can be effectively constructed. 

Proof. Since INF is upward-closed, we can, by Lemma T3.39I and Theorem 13.271 construct 
the minimal elements of the set INF, i.e., the set INF m i n . We obtain INF' min by the 
restriction of INF m i n to standard markings. □ 



3.5. Characterizing ZENO. 

Theorem 3.42. Let N be a TPN. The set ZENO is effectively constructible as a MRUC. 

Proof. We first construct the SD-TN N' corresponding to N, according to Section 13.1.11 
Then we consider the MRUC Z from Def. 13.151 

We have ZENO = [Z] by Lemma [3161 and Lemma [3171 The MRUC Z is effectively 
constructible by Lemma 13.411 Definition 13.151 Lemma 12.121 and Lemma 12.101 



4. The Zenoness-Problem for Discrete-timed Petri Nets 

In this section, we discuss how to characterize the set ZENO for discrete-timed Petri nets, 
thus solving the open problem from [dFERAOOj . First we describe how the semantics of a 
discrete-timed Petri net is different from that of a dense-timed Petri net. 

• Firstly, the ages of the token are natural numbers rather than real numbers. 

• Secondly, the timed transition takes only discrete steps. 

A direct solution for discrete-timed nets is to simply modify the construction of the 
SD-TN N' in Section [3.1.11 by removing the time-passing phase in Subsubsection [3~. 1 .41 The 
resulting net N' is then a normal Petri net, since it does not contain a transfer arc. This 
modified construction would yield ZENO for the discrete-time case, because (unlike in the 
dense-time case) every infinite zeno-computation in a discrete-time net has an infinite suffix 
taking no time at all. 

In the special case where all time intervals on transitions are bounded (i.e., oo does not 
appear) there is another solution. Here one can encode discrete-timed nets into dense-timed 
nets, as shown in Figure [T2l The trick is to split the intervals on the input (output) arcs to 
several point intervals on a number of transitions. 

5. Arbitrarily Fast Computations 

If Mq € ZENO then, by definition, there exists an infinite Mo-computation that requires 
only finite time, i.e., 3m, tt.A(tt) < m. It follows that for any smaller number m' with 
< m' < m there exists some marking M' with Mq A M' and an infinite suffix tt' of tt 
s.t. tt' is an infinite M'-computation with A(tt') < m! . Thus, there exist more and more 
markings with faster and faster computations. Formally, 

Ve > 0. 3M e G Post*(M ), an infinite ir t . M t ^ A A(vr e ) < e (5.1) 

However, this does not imply that there exists some fixed reachable marking M where 
arbitrarily fast computations start, because each M e could be different. The existence of 
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Figure 12: Simulating (1) t in TPN by (2) a set consisting of 4 transitions in 2. 

arbitrarily fast computations from a fixed reachable marking is a stronger condition than 
zenoness, defined as follows. 

3M G Post* (M ). We > 0. 3 an infinite vr e . M ^ A A(vr e ) < e (5.2) 
In general, condition (|5.ip does noi imply condition (|5.2p . as will be shown by Lemma 15.11 

All-Zenoness-Problem 

Instance: A timed Petri net N, and a marking M of N. 

Question: For all e > does there exist an infinite M-computation n t s.t. A(7r e ) < e ? 

A marking M is called an allzeno-marking of A iff the answer to the above problem is 'y es '- 
We consider a timed Petri net A. We let ALLZENO denote the set of the allzeno- 
mar kings of A. 

Lemma 5.1. For all TPN we have Pre* (ALLZENO) C ZENO. There exist TPN (e.g., 
the TPN in Figure \13\) where the inclusion is strict. 

Proof. The inclusion ALLZENO C ZENO follows directly from the definitions (let, e.g., 
e := 1). Since Pre* is monotonous, we get Pre* (ALLZENO) C Pre* (ZENO) = ZENO. 
Now we consider the example TPN in Figure [T3l with initial marking 

M := [(X,1),(A,1),(F,0.9)] 

There is a zeno run tt from M$ of the following form: Transitions t\ and ti alternate and 
the length of the delays between them drops exponentially. 

Formally, 7r = (^•t 1 ^5 i ^t 2 — >-<5 i+ i)i=0,2,4,... with <5j = (0.1) * 2 _l and thus A(7r) < 0.2. 
Therefore M G Z^AO. 

Now we show that M ^ Pre* (ALLZENO). 

In every reachable marking M G Posi*(Mo) there is one token on place X, one token 
on place Y and either one token on place A or one token on place B. Without restriction 
we consider the case where there is a token on place A; the other case is symmetric. So we 
have M = [(A, x), (A, a), (Y, tp)]. Ifx>l, a>lon/)>lorx/a then there is no infinite 
run at all. Otherwise, if x < 1 then for e := (1 — x)/2 > there is no run 7r £ from M with 
A(7r e ) < e, and thus M £ ALLZENO. There remains the case where x = a = 1. Then 
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Figure 13: A TPN with initial marking M := [(X, 1), (A, 1), (Y, 0.9)] E ZENO. 

No reachable marking is in ALLZENO, but allzeno markings exist, e.g., 
[(X, 1), (Y, 1), (A, 1), (£?, 1)]. Note the half-open intervals [0 : 1) which do not 
include 1. 

transition t\ must fire immediately, because otherwise the tokens become too old (i.e., > 1) 
and there is no infinite run. Let the resulting marking be M' = [(X,x')i (X,-ip), (B, (3)]. 
By construction of the net, we have (3 < 1. If ^ (3 then there is no infinite run. So 
we must have ip = (3 < 1. Then, for e := (1 — if>)/2 > there is no infinite run ir e from 
either M' or M with A(7r e ) < e. Thus M £ ALLZENO. So we have shown that no 
reachable M £ Post*(M ) is in ALLZENO, i.e., Post*(M ) n ALLZENO = 0. Therefore, 
M i Pre* {ALLZENO). □ 

Now we show that the All-Zenoness-Problem for TPN is decidable. In fact, the set 
ALLZENO is effectively constructible as a MRUC. 

Intuition: The construction of ALLZENO is similar to the construction of ZENO in 
Section [3J The main differences can be understood with the following observations. 

• In arbitrarily fast runs (unlike in zeno-runs) no tokens of the initial marking can reach 
the next higher integer age by aging. For example, a token of age 1 — e for e > cannot 
reach age 1 in a run ir with A(-7r) < e/2. On the other hand, tokens which are newly 
created during the run can reach the next higher integer age by aging, since their ages 
may be chosen (nondeterministically) arbitrarily close to the next higher integer. This is 
because all the bounds of the time intervals on transition arcs in the TPN are integers. 

• If it were not for the initial marking, we would have the following situation: If there is a 
run 7r with A(7r) = e where < e < 1 then there also exists a run ir' with A(ir') = e/2. 
One just replaces any delay of length 5 in ir by a shorter delay 5/2 in ir' and any token of 
age x which is newly created in ir is replaced in n' by a newly created token (on the same 
place) of age x + ( \x~\ — x) /2. Furthermore, a token with an integer age i will always have 
a non- integer age i + 5 after some delay 5 for any < 6 < 1, i.e., regardless of how small 
5 is. 
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• How to treat the tokens of the initial marking? Since none of them can age to the next 
higher integer in arbitrarily fast computations, they cannot be encoded as p(k— ) tokens 
in the corresponding SD-TN. Instead they are all encoded as p(k) tokens (if they have an 
integer age) or as p(k+) tokens (if they have a non-integer age). 

• Finally, there is the problem that arbitrarily fast computations can be either disc-com- 
putations or time-computations, depending on whether their first transition is discrete 
or timed. In the construction of the set ZENO this was elegantly solved, because this 
construction included the Pre* operation which is taken w.r.t. all transitions (both dis- 
crete and timed). However, since of construction of ALLZENO does not include Pre*, 
this difference must be addressed explicitly here. 

• Given this, one can encode arbitrarily fast computations of TPN into computations of 
SD-TN, in a similar way as for zeno-computations (with delay < 1) in Section [3l 

Construction of ALLZENO: Given a TPN N, we first construct a SD-TN N' in the same 
way as in Subsection 13.11 Then we define a mapping int from markings of N to markings 
of N', similarly as in Definition 13.81 



Definition 5.2. We define a function int : (P x 
M of ./V to its corresponding marking M' in N'. M' 



M'{p(k)) 

M'(p(fc+)) 

M'(p(max+)) 

1)-)) 



M((p,k)) 

M((p,x)) 
M((p,x)) 


1 






(P' — ► N) that maps a marking 
= int(M) is defined as follows. 

for k G N, < k < max. 
for k G N, < k < max - 1. 

for k G N, < k < max — 1. 



M'(p((k + 
M'(p disc ) 

M'(ptimel) 

M'(p Mme2 ) 

M'{p coun t) 

Note that M' = int(M) is a standard marking according to Def. 13.61 and M' does not 
contain any p(k—) tokens. 

Next we define an operation r which encodes the effect of passing an arbitrarily small, 
but non-zero, amount of time. No tokens can age to the next higher integer age in arbitrarily 
short time, but all tokens of an integer age k will have an age > k afterwards. Given a 
standard marking M G W (recall Def. ESJ) of the SD-TN N' , we define M' := t(M) as 
follows. 



M(p(k+))+M(p(k)) 
M(p(max+)) + M(p(max)) 
M(p((fc + 1)-)) 



M'(p(k)) 
M'(p(k+)) 
M' (p(max+)) 
M'(p{(k + l)-)) 
M'{p dlsc ) 
M'{p timel ) 

M'(p t ime2) 
M'(p coun t) 



for k G N, < k < max. 
for k G N, < k < max - 



1. 



for k G N, < k < max — 1. 



M(p disc ) 
M{pumel ) 
M(ptime2) 
M(j) count) 



Note that the operation r is only defined on standard markings and its result is also a 
standard marking. 
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Unlike in Section [3J there is a more direct correspondence between the computations 
of a marking M and the computations of int(M) and r{int{M)). (Recall the Def. 13.61 of 
INF'.) 

Lemma 5.3. Consider a TPN N with marking Mq and the corresponding SD-TN N' . 
M G ALLZENO =► (int(M ) G INF' V r(mt(M )) G INF'). 

Proof. Let Mq G AILZENO . Then there exist arbitrarily fast computations from Mq. It 
follows that there are either arbitrarily fast disc-computations from Mq, or arbitrarily fast 
time-computations from Mq (or both). Let 

D := {(\x] - x) | 3p.M ((p,x)) > A (\x\ - x) > 0} 

(1) First we consider the case that there are arbitrarily fast disc-computations from Mq. 
There are two cases. 

(a) If D = then all tokens in Mo have integer ages. It follows that mi (Mo) does 
not contain any p(k+) or p(k-) tokens. We let 5 := 1/2 and obtain int$(Mo) = 
int 1/2(^0) = int{Mo). By our assumption there are arbitrarily fast disc-computa- 
tions from Mo and thus there exists an infinite Mo-disc-computation tt with A(tt) < 
1/2 = 1-5. Therefore, by Lemma EH int(M ) = int s (M ) G INF'. 

(b) If D 7^ then we define e > as the minimal non-zero distance of the age of any 
token in Mo from the next higher integer. 

e := min(D) > 

Let 5 := 1 — e/2. Then intg(Mo) = int(Mo). By our assumption there are arbi- 
trarily fast disc-computations from Mo and thus there exists an infinite Mo-disc- 
computation n with A(-7r) < e/3 < 1 — 5. Therefore, by Lemma 13.91 int(Mo) = 
int 5 (M ) G INF'. 

(2) Now we consider the case that there are arbitrarily fast time-computations from Mo. 
Again there are two cases. 

(a) Assume D = 0, i.e., all tokens in Mo have integer ages. Since there are arbitrarily 
fast time-computations from Mo, there exists a marking Mi such that Mo — >a Mi 
with < A < 1/3 and an infinite disc-computation ir from Mi with A(-7r) < 1/3. 
It follows that T(int(M Q )) = int(Mi). We let S := 1/2 and obtain int s (Mi) = 
m£i/2(Mi) = int(Mi) = r(int(Mo)). Since tt is an infinite Mi-disc-computation 
with A(tt) < 1/3 < 1/2 = 1 - 5, Lemma E3S yields mtj(Mi) G INF'. Therefore 
T(int(M )) = mttf(Mi) G INF'. 

(b) Now assume D 7^ 0. As before, we define e := min(D) > and 5 := 1 — e/2. 
Since there are arbitrarily fast time-computations from Mo, there exists a marking 
Mi such that Mo — >a Mi with < A < e/3 and an infinite disc-computation tt 
from Mi with A(tt) < e/3. It follows that r(mt(Mo)) = m£(Mi), because A < 
e. Furthermore, ints{M\) = int{M\), because A < e/3 < e/2 = 1 — 5. Thus 
r(mi(Mo)) = int${M\). Since tt is an infinite Mi-disc-computation with A(-7r) < 
e/3 < e/2 = 1 - 5, Lemma E21 yields int 5 (M 1 ) G INF'. Therefore r(mi(M )) = 
int s {Mx) G ZJVF'. □ 

Lemma 5.4. Consider a TPN N with marking Mq and the corresponding SD-TN N' . 
int(M ) G INF' => M G ALIZENO. 
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Proof. Let M' := int(M ) G INF'. Then, by Lemma E3H we have 

3w- G perm(M'~).Vw+ G perm(M' + ). {Reg(M' ,w+,w.)f C (J ZENO 1 ' 6 

5>0 

From the definition of the function int we know that M'~ is empty and thus u>_ = e, 
i.e., the empty sequence. Thus, Vw + G perm(M' + ).\Reg(M' \w + ,e)f C U«5>o ZENO 1 ' 5 , 
and therefore Mo E U<5>o ZENO 1 ^^ . It follows that there exists some fixed 5 > such 
that M G ZENO 1 ' 5 . Let e := 1 - 5 < 1. Then there exists some Mo-computation 7r £ 
s.t. A(7r e ) < e < 1. This Mo-computation 7T e in iV corresponds to an M'-computation in 
N'. Therefore, in 7r e , no original tokens in Mo reach the next higher integer age by aging, 
because M' := int(Mo), i.e., because there are no p{k— ) tokens in M'. 

We now show that there exist arbitrarily fast Mo-computations Tr € / n with A(7r e / n ) < e/n 
for any n > 1. For any n > 1 we obtain 7r e / n by modifying ir e as follows. Every timed 
transition — >$. in 7r e is replaced by a timed transition —>Si/n m 71 'e/n- I n order to ensure that 
in 7r e/ / n the same tokens do (or don't) reach/exceed the next higher integer age during the 
same timed transition as in n e , we modify the ages of the newly created tokens. Any token 
of age x which is newly created in ir e is replaced in ir e / n by a newly created token (on the 
same place) of age x + (n — 1)( \x] — x)/n. This is possible, because all bounds of the time 
intervals on transition arcs in the TPN are integers. Since no original tokens in Mq age to 
the next higher integer age in those runs, this suffices to make 7r e / n a feasible run from Mo. 
So we obtain that 7r e / n is a Mo-computation and A(7r 6 / n ) = A(7r e )/n < e/n. Therefore, 
M G ALLZENO. □ 

Lemma 5.5. Consider a TPN N with marking Mq and the corresponding SD-TN N' . 
M G ALLZENO (mt(M ) G INF' V T(int(M )) G INF'). 

Proof. The "=>" implication holds by Lemma 15.31 For the "^=" implication there are two 
cases. 

(1) int(Mo) G INF'. Then M G ALLZENO by Lemma El 

(2) T(int(M )) G INF'. Let 

D := {(\x] -x) | 3p.M ((p,x)) > A (\x] - x) > 0} 

If D ^ then let e := min(£>)/2 > else let e := 1/2. Let a := e/i for i > 1. Let M, 
be the marking that is reached from Mo after time passes, i.e., Mo — > e . Mj. Since 
6j < min(D) (or e, < 1 if D = 0), we have int(Mi) = r(mt(Mo)) and thus int (Mi) G 
MF' for all i > 1. It follows from Lemma El that M, G ALLZENO. Therefore there 
exist arbitrarily fast time-computations from Mo and thus Mo G ALLZENO. 

Similarly as in Section [3l we compute the set ALLZENO as a multi-region upward 
closure. We compute a MRUC AZ and prove that [AZ\ = ALLZENO. 

Definition 5.6. Let iV be a TPN with corresponding SD-TN N f , as in Subsection 13. 1\ and 
INF' min from Def. 13.61 Let INF'^^ be the restriction of INF' min to markings without tokens 
on p(k— ) places. Let 

INF': mn := {M G INF' mm \ Vp, fc. M(p(fc-)) = 0} 

and 

r := {M' G n' | M' G V t(M') G /iVF'Vj 
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and 

AZ:= (J |J {Reg(M', w+, e)} 

Af'er u) + £perm(M'+) 

Note that it follows from the definition of the function r and the finiteness of INF" min 
that r is finite. 

Lemma 5.7. \AZ\ = ALLZENO. 

Proof. Let Af G [L4Z]. Then there is an Af ' G T and a w + G perm(M' + ) such that Af G 
[i?e5(M',i(; + ,e)] T . Thus there exists some marking Af" < M s.t. Af" G [i?eg(M', e)J. 
Therefore int(M") = M' G T. Since MF'^„ C JJVF', it follows that int(M") G JJVF' V 
r(int{M")) G JJVF'. By Lemma[53]we have M" G ALLZENO and thus Af G ALLZENO" 1 = 
ALLZENO. 

To prove the reverse inclusion, let Af G ALLZENO. Then, by Lemma 15.51 int(M) G 
INF' or T{int{M)) G INF'. 

• Consider the case where int(M) G INF . From the definition of the function int (Def. 15.2]) 
it follows that int(M) does not contain any tokens on p(k— ) places. Therefore, there exists 
some marking Af" G INF" min s.t. int(M) > Af" G T. 

• Consider the case where r{int(M)) G INF' . From the definition of the functions int 
and t (Def. I5.2|) it follows that r(int(M)) does not contain any tokens on p{k—) places. 
Therefore, there exists some marking Af' G INF" min s.t. r(int(M)) > Af. It follows from 
the definition of the functions int and r and the fact that Af ' G INF" min that there exists 
some marking Af" < mi(Af) s.t. r(M") = Af' . Since Af' G INF'^, we have Af" G T. 
Therefore there exists some marking Af" G T s.t. int(M) > Af". 

Thus in both cases there is some marking Af" G T s.t. int(M) > Af". 

It follows that there exists some w+ G perm{M" + ) such that Af G {Reg (Af", e)J* C 
1^1 ■ □ 
Theorem 5.8. Lef iV 6e a TPiV. T/ie set ALLZENO is effectively constructible as a MRUC. 

Proof. We first construct the SD-TN N' corresponding to N, according to Subsection 13.11 
Then we consider the MRUC AZ from Def. EE We have ALLZENO = [AZ] by LemmaO 
The MRUC AZ is effectively constructible by Lemma [3. 41 1 Definition 15.61 an d Lemma [2,10l 

□ 

Finally, we consider the problem whether, for a given marking, there exists an infinite 
computation which takes no time at all. 

Zerotime-Problem 

Instance: A timed Petri net N, and a marking Af of N. 

Question: Does there exist an infinite Af-computation tt such that A(ir) = ? 

A marking Af is called a zerotime-marking of iV iff the answer to the above problem is 
'yes'. 

For a timed Petri net N, we let ZEROTIME denote the set of its zerotime-markings. 

The construction of the set ZEROTIME as a MRUC is similar to the construction of 
ALLZENO. The differences are that in the construction of the SD-TN N' the transitions 
which encode the time-passing phase (i.e., Subsubsection I3.1.4h are left out. (Thus N' 
is a normal Petri net.) Furthermore, the function r is not needed, since all zerotime- 
computations are disc-computations. 
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Lemma 5.9. Consider a TPN N with marking Mq and the corresponding Petri net N' as 
in Subsection{3J\ (without Subsubsection \3T^ . Then M Q € ZEROTIME int(M Q ) 6 

INF'. 

Proof. If M <G ZEROTIME then it has an infinite disc-computation tt with A(ir) = 0. Thus 
int(M ) £ INF' by the proof of Lemma E3J If int(M ) € INF' then M € ZEROTIME, 
because there are no time-passing phases in the Petri net N'. □ 

The definition of the needed MRUC ZT is a simplification of Definition 15.61 

Definition 5.10. Let N be a TPN with corresponding Petri net N', as in Subsection 13.11 
(without Subsubsection [37L~4"|) , and INF' min from Def. 13.61 Let INF" min be the restriction of 
INF' min to markings without tokens on p(k-) places. Let 

INFl m := {M e INF' mm | Vp, k. M(p(k-)) = 0} 

and 

ZT := (J |J {Reg(M',w + ,e)} 

M'eINF'^ in w + £perm(AI'+) 

Lemma 5.11. [ZT\ = ZEROTIME. 

Proof. This follows directly from the definitions and Lemma [5.91 similarly as in Lemma [5 .71 

□ 

Theorem 5.12. Let N be a TPN. The set ZEROTIME is effectively constructible as a 
MRUC. 

Proof. We first construct the Petri net N' corresponding to N, according to Subsection 13. II 
(without Subsubsection I3.1.4|) . Then we consider the MRUC ZT from Def. I5.1UI We 
have ZEROTIME = {ZT} by Lemma ETQ The MRUC ZT is effectively constructible by 
Lemma 13.411 Definition 15. 1U\ and Lemma I2.1UI □ 

6. Universal Zenoness 

The zenoness problem in Section [3] can be seen as existential zenoness, i.e., the question 
whether there exists an infinite zeno computation, and it is decidable by Theorem 13.421 

Here we consider the universal zenoness problem, i.e., the question whether all infinite 
computations from a given marking are zeno (i.e., take only finite time). 

Universal Zenoness Problem 

Instance: A timed Petri net N and a marking M. 

Question: Is it the case that for every infinite M-computation tt, there exists a finite 
number m s.t. A(ir) <ml 

We will prove the undecidability of the universal zenoness problem by a reduction from 
an undecidable problem for lossy counter machines |May03| . To simplify the presentation, 
we no not consider the universal zenoness problem directly, but its negation. 

Non-Zenoness-Problem 

Instance: A timed Petri net N and a marking M. 

Question: Does there exist an infinite M-computation tt, such that A(ir) = oo ? 
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Obviously, a Petri net N with marking M is a positive instance of the Universal Zenoness 
Problem if and only if it is a negative instance of the Non-Zenoness-Problem. 

A marking M is called a nonzeno-marking of N iff the answer to the Non-Zenoness- 
Problem problem is 'y es '- 

We consider a timed Petri net N. We let NONZENO denote the set of the non-zeno- 
markings of N . The set NONZENO is not the complement of the set ZENO. A marking 
of a TPN can have infinite zeno runs or infinite nonzeno runs or both or neither. 

In the following, we show that the Non-Zenoness-Problem is undecidable, which implies 
the undecidability of the Universal Zenoness Problem. The proof is done by reducing the 
universal termination problem for lossy counter machines to the Non-Zenoness-Problem for 
TPN. 

6.1. Lossy Counter machines. Lossy counter machines (LCM) |May03 are Minsky- 
counter machines where the values in the counters can spontaneously decrease (i.e., part of 
the counter value is lost). Different versions of LCM are defined by the way in which this 
decrease can happen (e.g., just 1 lower, any lower value, or a reset to zero), which is formally 
expressed by so-called lossiness relations [May03 . Here we consider the classic variant of 
LCM where counters can spontaneously change to any lower value. In this model, any test 
for zero of a counter could always be successful by a spontaneous reset to zero. Thus classic 
LCM are equivalent to the following model. 

A lossy counter machine is a tuple L = (Q,qo,C,5), where Q is a finite set of states, 
qo G Q is the initial state, C is a finite set of counters and 5 is a finite set of instructions. 
An instruction is a triple of the form (q,instr,q'), where q,q' G Q and instr is either an 

increment (of the form C++); a decrement (of the form c ); or a reset (of the form c := 0) 

for a counter cm. C. 

A configuration 7 of L is of the form (q, Vat), where q G Q and Vol is a mapping from 
the set C of counters to the set N of natural numbers. We define a transition relation ~» on 
the set of configurations such that (q, Val) ~> (q 1 , Val') iff one of the following conditions is 
satisfied: 

(1) (q,c++,q') G 5, Val'{c) = Val(c) + 1 and Val'(c') = Val(c') if d / c. 

(2) (q,c ,q') G 5, Val(c) > 0, Val'(c) = Val(c) - 1 and Val'(d) = Val(d) if d / c. 

(3) (q,c:= 0,q') G S, Val'{c) = and Val'(d) = Val{d) if d + c. 

(4) q' = q, Val'{c) = Val{c) - 1 for some c G C, and Val'(d) = Val{d) if d ^ c. 

We use ^ for denoting the reflexive, transitive closure of For a configuration 7, a 7- 
computation tt of L is a sequence of configurations 70, 71, 72, • • •, where 70 = 7 and 7« ~> 7i+i, 
for i > 0. 

The universal termination problem for LCMs is defined as follows (sec [May03|). 
3n. LCM 1 " 1 

Instance: A LCM L with 4 counters and a control-state qo. 

Question: Does there exist a finite number n such that there is an infinite computation of 
L from the configuration 70 = (qo, n, 0, 0, 0)? 



Theorem 6.1. |May03| 3n. LCM^ is undecidable. 
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6.2. Undecidability. We show the undecidability of the non-zenoness problem for TPNs 
through a reduction from 3n. LCM U . 

Given an instance of 3n. LCM^ , i.e., an LCM L and a state qo of L, we construct an 
equivalent instance of the non-zenoness problem, i.e., we derive a TPN N and a marking 
M of N, such that non-zenoness problem for TPNs has a positive answer if and only if 
3n. LCM 1 ^ has a positive answer. 

The idea is as follows. First the TPN performs a loop, taking zero time, which puts 
a number n of tokens on a certain place. This encodes guessing the number n. Then the 
TPN faithfully simulates the computation of the LCM from configuration (qo,n, 0,0, 0) in 
such a way that every single step takes at least one time unit. This simulation of the LCM 
is the only possible infinite non-zeno run of the TPN since the initial guessing-loop takes 
zero time. Thus the TPN has an infinite non-zeno run iff there exists a number n s.t. the 
LCM has an infinite run from (qo,n, 0, 0, 0). 

The following encoding of LCM into TPN is similar to the constructions in [dFERAOOl 
IAN02] . except that we enforce that every simulation step takes at least one time unit. This 
delay is crucial for our proof. 

Consider the LCM L = (Q,qo,C,S). We construct a corresponding timed Petri net 
(TPN) N = (P, T, In, Out) as follows. For each state q € Q there is a place in P which 
we call place q. We use Pq to denote the set of places of N corresponding to the states 
Q. Also, for each counter c G C there is a place in P which we call place c. We use Pq 
to denote to the set of places corresponding to counters. There are also six intermediate 
places for simulating each increment and decrement instructions and five such places for 
simulating each reset instruction of the LCM. 

A configuration 7 of L is encoded by a marking M in N when the following conditions 
are satisfied. 

• The state of 7 is defined in N by the element of Pq which contains a token. (The TPN 
N satisfies the invariant that there is at most one place in Pq which contains a token). 

• The value of a counter c in 7 is defined in M by the number of tokens in place c which 
have ages equal to 0. (Tokens which have ages greater than are considered to have been 
lost and do not affect the value of the counter). 

Losses in L are simulated either by making the age of the token strictly greater than 0, or 
by firing a special loss c transition which can always remove tokens from the place c in Pq. 
Transitions in L are encoded by functions In and Out in N reflecting the above properties 
and are defined as follows. 

• An increment 1 = (q,c++,q') in S is simulated by a set of transitions in T which are of 
the form in Figure [14j These transitions effectively move a token from place q to place 
q' and adds a token of age to place c. However, we let at least one time unit pass 
during these transitions. To achieve this, we use two intermediate places r\ and for 
each increment instruction 1. The transition t\ is fired by moving a token from place q to 
place r\ and resets its age to 0. The token in r\ has to stay there for a time equal to 1 and 
then the transition t% is fired. If more time passes, then this token in r\ will forever stay 
in place r\ after which no tokens will ever reside in any place in Pq and thus the net will 
deadlock. The idea is that the TPN should not have any zeno-run during the simulation 
of any operation of the LCM. So, during the simulation of the increment-operation, we 
need to wait at least for one time unit. This makes the ages of all tokens in places Pq 
at least equal to 1. Thus, in order to avoid resetting the values of the counters, we add, 
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Figure 15: Simulating the operation of decreasing the counter 
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for each counter in C a new transition. In Figure [141 we assume that Pc = {ci, . . . , Cn} 
and thus we add the transitions t\,(%, ■ ■ ■ These transitions are used to refresh the 
ages of the tokens in the places in Pq. Now, if a token in place c\ has its age equal to 
1, and thus has become too old for firing other transitions (decrements), it is replaced by 
a fresh token of age 0. Notice that the refreshment phase either does not take any time 
at all or it deadlocks. Finally, when the transition is fired, the new control state will 
be q' and there will be a new token of age in c. The resulting marking will therefore 
correspond to the counter c having an increment by the value 1. The refreshing process 
for the counters ci, . . . ,c n will be stopped after firing if, since the token in will now 
be removed. Notice that some tokens in c\, C2, . . . , c n may be lost (i.e., may still have age 
greater or equal to 1), since the TPN has a lazy semantics and these tokens may not have 
been refreshed. Possibly losing tokens is allowed in the simulation of LCM by TPN, since 
the semantics of LCM allows spontaneous decreases in counters. 

A decrement i = (q,c ,q') in 5 is simulated by a similar set of transitions in T which 

are of the form in Figure [151 These transitions also move a token from place q to place q' 
and remove a token of age from place c. Again, we let at least one time unit pass during 
these transitions. The description is similar to the case for the increment-operation. 
For each place c in Pc = {ci, . . . , c n }, there is a transition which we call loss c (Figure [T6]) . 
A transition loss c removes a token of age from the counter c £ Pc and thus simulates 
the lossiness of counter c. 




Cl 



[0 : 0] 

l0SS r 




C2 



[0 : 0] 

lOSSr 




[0:0] 

l0SS r 



Figure 16: Simulating losses. 



The construction for the reset instruction i = (q,c := 0, q') in 5 is shown in Figure [171 

The idea is that we reset the value of counter c to 0, by making the ages of all tokens 
in place c at least equal to 1. Observe that we simulate resetting the counter in L by 
resetting the counter in N. All tokens in each of the places in Pc which had age have 
now age equal to 1. Thus, in order to avoid resetting the values of the counters other than 
c, we add, for each counter in C — {c} a new transition. In Figure [T71 we assume that 
Pc — {c} = {ci, . . . , c n } and thus we add the transitions £\,0%, ...,£?. These transitions 
are used to refresh the ages of the tokens in the places in Pc — {c}, i.e., all counters can 
be refreshed expect c. Now, if a token in place Cj has its age equal to 1, and thus has 
become too old for firing other transitions (decrements), it is replaced by a fresh token 
of age 0. Finally, when the transition t% is fired, the new control state will be q', and 
each token in place c will have an age which is at least one. The resulting marking will 
therefore correspond to the counter c having the value 0. 

Initialization. To guess the initial value in counter c\ of the LCM, we add an extra place 
qinit in P and add two transitions in T, shown in Figure [THJ First the transition t H is 
enabled if there is a token in qi n n with age 0. By executing this transition n times (for 
some n > 0) without letting any time pass, we can produce n tokens in the counter c±. 
This simulates an initial value n of c\ in LCM. Then, we switch control for simulating the 
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For all 

Cj ^ c 




Figure 17: Simulating the operation of resetting the value of the counter c to 0. All other 
counters Cj with Cj ^ c can be refreshed. 

usual operations of the LCM by executing the transition t l2 in Figure fT8| which moves 
the token from qi n u to go- 



[0:0] 



[0:0] „ 




Figure 18: Initialization. 



Consider a marking M of N and a configuration 7 = (q, Val) of L. We say that M is 
an encoding of 7 if M contains a token in place q and the number of tokens with ages equal 
to in place c is equal to Val(c) for each c £ C. Furthermore, all other places in M are 
empty. 

We also use the following notion of intermediate markings. A marking is called inter- 
mediate if it has a token in place r\ (rf ) where % is of the form (q, c := 0, q') and there are 
no tokens in other intermediate places and in those belonging to Pq. 
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We derive N from L as described above. We define Mo to be [(<7mit, 0)]. 

Lemma 6.2. N has an infinite non-zeno Mq = [(qinit,®)}- computation if and only if there 
exists an n > s.t. the LCM L has an infinite 70 = (qo,n, 0,0,0) -computation. 

Proof. 

<=: Let 70 := (go, n, 0,0,0) and Mq := [(<7mit,0)]- Given an infinite 70-computation tt of L, 
we show that there is an infinite non-zeno Mo-computation tt' . 
To show this, it is enough to prove the following. 

(a) Starting from a marking Mo in TPN, there is a zero-time computation from Mo to a 
marking M which is an encoding of 70. In fact, Mo — >t — >t l2 M (see Figure [IB]) . 

(b) After the initialization step, given two configurations 7, 7' of L such that 7^-7' and 
a marking M which is an encoding of 7, there is a sequence in N of the form M = 
Mo — ► Mi — ► • • • — ► Mfc = M' where k > 1 and the following holds. 

• M' is an encoding of 7'. 

• Mj is an intermediate marking for < % < k. 

Since 7 7', we know that 7' is derived from 7, using one of the four possible types of 
transitions described for LCMs. We show the claim only for the first case, namely when 7' 
is derived from 7 by executing an increment instruction %. The other cases can be explained 
in a similar manner. Let 7 = (q, Val) and 7' = ((/', Val'). Since M is an encoding of 
7, it means that place q in M contains a token. From the construction described above 
(Figure [l"i]) we know that from M, we can fire t\ and produce a marking M\ such that 
M — > t i M\. Mi is obtained from M by removing the token from q and adding a token 
of age in r\. This means that both M and M\ contains exactly equal number of tokens 
of age at each place in Pc- 

Next we let time pass by one time unit and obtain a marking Mi such that M\ — >\ M\. 
This means that M — > M\. Notice that all the tokens with age in the places of P c in Ai\ 
have transformed into tokens of age 1 in Mi . Now, firing the transition t% from Mi results 
in a marking Ai 2 such that Mi — > t 2 A4 2 - The transition t% removes the token of age 1 
from r\ and adds a token of age in r, 2 . Here, for each place in Pc, there are no tokens 
with age less than 1. Furthermore, the number of tokens of age 1 in each place c' € Pc is 
the same in both Mi and M 2 . We define M 2 = M 2 . So, M x — ► M 2 . 

To restore the ages of the tokens of age at each place in Pc in the marking Mo (these 
tokens correspond to the values of the counters in 7), we start a refreshment phase. Suppose 
for a counter c\ € Pc, Val{c\) = x. Then we fire the transition £\ x times from M 2 and 
refresh all x tokens of age 1 in c\ to age 0. Similarly we refresh all tokens of age 1 in the 
other counters in Pq. Notice that we do not let time pass between these discrete transitions. 

The markings M\,M%, . . ., etc. in the above are all intermediate markings. Now we fire 
the transition t^ by moving the token from to q' and adding a token of age to place 
c, yielding a marking M' . This means that for each counter c' 6 Pc \ {c}, the number 
of tokens of age in d for M' is the same as that for M. Furthermore, in comparison to 
marking M, there is exactly one extra token of age at place c in M'. This means that the 
new marking M' will be an encoding of 7' and M — > M'. 

The simulation of other operations can be explained in a similar manner. 

Now, if there exists some number n s.t. the LCM has an infinite computation from 
(qo, n, 0,0,0) then the TPN has an infinite non-zeno computation from an initial marking 
that corresponds to (qo, n, 0, 0, 0). This is ensured by the initialization step and the above 
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simulation of operations in LCM. The non-zenoness of the computation in TPN is ensured 
by passage of time during each operation of LCM. Notice that the initialization step takes 
zero-time. 

=>: Suppose that there is an infinite Mo-computation tt of N taking infinite time. It follows 
that tt must contain the transition t l2 , since the initial i tl -loop takes zero time. Consider the 
maximal subsequence tt' of tt, where each marking in tt is an encoding of some configuration 
of L. The sequence tt' exists for the following reasons. 

• Since tt is non-zeno and infinite, the computation tt is infinite even after the zeno initial- 
ization step. 

• Furthermore, each operation (increment, decrement, etc) takes a finite non-zero amount 
of time (this follows from the constructions (see the Figures) for increment, decrement 
and resetting). 

From the initialization step, it is straightforward that in zero time we reach a marking 
which is an encoding of 70 = (qo, n, 0, 0, 0) for some n > 0, i.e., the encoding of 70 is 
the configuration reached immediately after firing transition t l2 at the end of the initial 
guessing-phase. In the following, we show that there is an infinite 70-computation. 

To prove this, it is enough to show that given two consecutive encodings M and M' 
(with only intermediate markings in between) in tt' and a configuration 7 which is an 
encoding of M, there is a configuration 7' such that 7 ~> 7'. Let 7 = (q, Val). 

Since M — —> M' we know that there are markings Mq, . . . , such that M = Mq — ► 
M\ — ► • • • — ► Mfc = M' where k > 1 and Mi, . . . , Mk_i are intermediate markings. 

There are two cases. Either k = 1 or k > 1. 

If k = 1, i.e., M — ► M' , we know that M' can be derived from M by firing a discrete 
transition. This means that there is a marking M. such that M — >t M' where the discrete 
transition t corresponds to Figure fl6l 

If k > 1, then M' is obtained from M by firing transitions corresponding to those in 
Figure [T4"l IT5| and [TTJ. For instance, consider that 1 = (q, C++, q') is an instruction in L, 
for some counter c. From the construction of Figure [Til we know that the ages of some of 
the tokens in Pq may exceed 1, since not all tokens need to be refreshed. We can derive 7' 
from 7 by first performing loss transitions corresponding to tokens which become too old 
followed by executing the instruction (q, C++, q'). Similarly, we can perform loss transitions 
followed by a decrement or a reset instruction of the LCM. □ 

Theorem 6.3. The Non-Zenoness-Problem for TPN is undecidable. 

Proof. Directly from Lemma 16.21 and Theorem 16.11 □ 

Since Non-Zenoness-Problem is the negation of the Universal Zenoness Problem, this 
implies the following result. 

Theorem 6.4. The Universal Zenoness Problem for TPN is undecidable. 

7. Token Liveness 
First, we define the liveness of a token in a marking. 

Let M be a marking in a TPN N. A token in M is called syntactically k-dead if its age 
is > k. It is trivial to decide whether a token is fe-dead from a marking. 
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A token is called semantically live from a marking M, if we can fire a sequence of 
transitions starting from M which eventually consumes the token. Formally, given a token 
(p, x) and a marking M, we say that (p, x) can be consumed in M if there is a transition t 
satisfying the following properties: 

• t is enabled in M. 

• In(t,p) is defined and x 6 In(t,p). 

Definition 7.1. A token (p, x) in a marking M is semantically live if there is a finite M- 
computation 7r = MM\ ■ ■ ■ M r such that the aged token (p, x + A(7r)) can be consumed in 
M r . By L(M) we denote set of of all live tokens in M. 

Note that token liveness is defined here for individual tokens, not sets of tokens. There 
are nets and markings where two tokens (p, x) and (q, y) are both live, but where it is 
impossible to consume both of them. 

Semantic liveness of tokens in TPN 

Instance: A timed Petri net N with marking M and a token (p, x) £ M. 
Question: Is (p,x) live, i.e., (p,x) £ L(M) ? 

We show decidability of the semantic token liveness problem by reducing it to the 
coverability problem for TPNs (which is decidable due to Lemma |2. 12 j) . 

COVERABILITY PROBLEM 

Instance: A TPN N, a finite set of initial markings Mj„jt of N, and an upward closed set 

t of markings of N, where M^ ra is finite. 
Question: M irdt -^M^f? 

Theorem 7.2. The coverability problem is decidable for TPN |AN01] . 

Suppose that we are given a TPN N = (P, T, In, Out) with marking M and a token 
(p,x) € M. We shall translate the question of whether (p,x) 6 L(M) into (several instances 
of) the coverability problem. To do that, we construct a new TPN N' by adding a new 
place p* to the set P. The new place is not input or output of any transition. Either there 
is no transition in N which has p as its input place. Then it is trivial that (p,x) £ L{M). 
Otherwise, we consider all instances of the coverability problem defined on N' such that 

• Mi n it contains a single marking M — (p, x) + (p* , x). 

• Mfi n is the set of markings of the form [(pi, xi), . . . , (p n ,x n ), (p* ,x')\ such that there is a 
transition t and 

- the set of input places of t is given by {p,pi, . . ■ ,p n }- 

- x' G In(t,p) and x% € In(t,pi) for each i : 1 < i < n. 

In the construction above, we replace a token (p, x) in the initial marking by a token (p*,x); 
we also replace a token (p,x') in the final marking where x' € In(t,p) by a token (p*,x'). 
The fact that the token in the question is not consumed in any predecessor of a marking 
in Mfi n , is simulated by moving the token into the place p* (in both the initial and final 
markings), since p* P and not an input or output place in N' . Therefore, the token is 
live in M of N iff the answer to the coverability problem is 'y es '- 
From Theorem 1 7. 2 1 we get the following. 

Theorem 7.3. The token liveness problem is decidable. 
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8. BOUNDEDNESS 

Given a system and an initial configuration, the boundedness problem is the question 
whether the size of any reachable configuration is bounded by a constant. In the context 
of a TPN, this is the question whether the number of tokens in any reachable marking is 
bounded. 

Every marking M is a multiset of timed tokens. The size of a marking M is defined 
as the size of this multiset, denoted as \M\ (see Def. 12. ip . In other words, \M\ denotes 
the number of timed tokens in M. Given a set of markings M, we define maxsize(M) := 
max{|M| | M £ M} as the maximal size of any marking in M. 

In Section [2] we defined Reach(Mo) := {M' \ Mq — —> M'} as the set of markings reach- 
able from Mq. 

The boundedness problem for a TPN with an initial marking Mq is then the question 
whether maxsize (Reach (Mq)) is bounded. 

Remark 8.1. Note that, unlike for normal untimed Petri nets, the boundedness problem 
for TPNs is not equivalent to the question whether \Reach(Mo)\ is bounded. By the lazy 
semantics of our TPNs (see Section [2]) time can always pass and increase the values of the 
clocks of the tokens. Thus (unless the initial marking is empty) one obtains infinitely many 
(even uncountably many) different reachable markings, even if the number of tokens stays 
constant. For example, consider a TPN with just one place p and no discrete transitions 
and initial marking Mq := {(p, 0)}. Then Reach(Mo) = {{(p, x)} \ x € R- } is infinite, but 
maxsize (Reach (Mq)) = 1. 

In this section we consider two different variants of the boundedness problem for TPNs. 
In syntactic boundedness all tokens in a marking count towards its size, while in semantic 
boundedness only semantically live tokens (see Section [7|) count. 

Syntactic Boundedness of TPN 

Instance: A timed Petri net N with initial marking Mq. 
Question: Is maxsize (Reach (Mq)) bounded ? 

We give an algorithm similar to the Karp-Miller algorithm |KM69j for solving the 
syntactic boundedness problem for TPNs. The algorithm builds a tree, where each node 
of the tree is labeled with a region. We build the tree successively, starting from the root, 
which is labeled with Rm - the unique region satisfied by Mq (it is easy to compute this 
region). At each step we pick a leaf with label R and perform one of the following operations: 

(1) If Post(R) is empty we declare the current node unsuccessful and close the node. 

(2) If there is a previous node on the branch which is labeled with R then declare the 
current node duplicate and close the node. 

(3) If there is a predecessor of the current node labeled with R' < r R then we declare 
maxsize(Reach(MQ)) infinite (the TPN is unbounded), and terminate the procedure. 

(4) Otherwise, declare the current node as an interior node, add a set of successors to it, 
each labeled with an element in Post(R). This step is possible due to Lemma 12.111 

If the condition of step [3] is never satisfied during the construction of the tree, then we 
declare maxsize (Reach (Mq)) finite (the TPN is bounded). 

The proof of correctness of the above algorithm is similar to that of original Karp-Miller 
construction [KM69| . The termination of the algorithm is guaranteed due to the fact that 
the ordering H on the set of regions is a well-quasi-ordering (follows from | Hig52 1 ) . 
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Theorem 8.2. Syntactic boundedness of TPN is decidable. 

A consequence of this result is that we can solve the non-termination problem for TPNs, 
i.e., the problem whether a given marking M has at least one infinite run. (Remember that, 
by our definition of TPN computations (see Section [2]), every infinite run must contain 
infinitely many discrete transitions.) 

Non-Termination of TPN 

Instance: A timed Petri net N, and a marking M of N. 
Question: Does there exist an infinite M-computation? 

A marking M is called a non-terminating marking of N iff the answer to the above 
problem is 'y es '- F° r a given timed Petri net N we let NONTERM denote the set of the 
non-terminating markings of N. 

Theorem 8.3. N on- Termination of TPN is decidable. 

Proof. By Theorem 18.21 we can decide syntactic boundedness. If the system is syntactically 
unbounded then it is certainly non-terminating. If the system is syntactically bounded, then 
all the markings in Reach(Mo) can be symbolically represented by the finitely many regions 
computed by the algorithm above. In this case we have non-termination iff there exists a 
cyclic (and thus repeatable) path among these regions which contains at least one discrete 
transition. (Cyclic paths containing only timed transitions do not induce valid infinite runs, 
since we require that every infinite run contains infinitely many discrete transitions.) 

This condition can easily be checked in the algorithm above as follows. If condition 
(3) is true on some branch then the system is non-terminating. If some branch stops with 
condition (2), then check if at least one step on the path from the previous node R to the 
duplicate node R was a discrete step. If yes, then there exists a repeatable path from R to 
R which contains at least one discrete transition and thus the system is non-terminating. □ 

Since semantically dead tokens cannot influence the behavior of a TPN (see Section [7J , 
one would like to abstract from them. 

Let N be a TPN with marking M. Then we define the live part of the TPN marking 
M as Reach l (M) := {L(M') \ M -% M'}, i.e, Reach l (M) is the set of reachable markings 
where the semantically dead tokens have been removed. 

Semantic Boundedness of TPN 

Instance: A timed Petri net N with initial marking Mo- 
Question: Is maxsize (Reach 1 (Mo)) bounded ? 

Theorem 8.4. Semantic boundedness of TPN is undecidable. 

Proof. Using slightly modified constructions of [RGdFE99] or |AN02j . we can easily derive 
the undecidability of semantic boundedness even for dense-timed Petri nets (sec [MahOSj). 
The idea is to use the same encoding of lossy counter machines (LCM) into TPN as in 
Section [5] (or a similar encoding, as shown in [Mah05j ) . In this encoding, the semantically 
live tokens (with age < 1) correspond to the counter values of the LCM while the older 
(semantically dead) tokens count as lost. Thus the TPN is semantically bounded iff the 
LCM is bounded. Since boundedness of LCM is undecidable |May03| , the result follows. Q 
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9. Summary and Conclusions 

9.1. Problems and their Relation to each other. We considered the following sets of 
markings of a given TPN. 

• NONTERM , the set of markings which have an infinite run. 

• NONZENO, the set of markings which have an infinite non-zeno run. 

• ZENO, the set of markings which have an infinite zeno run. 

• ALLZENO, the set of markings which have arbitrarily fast infinite runs. 

• ZEROTIME, the set of markings which have an infinite run taking no time at all. 

Note that NONZENO is not the complement of ZENO. A marking of a TPN can have 
infinite zeno runs or infinite non-zeno runs or both or neither. However, NONTERM = 
NONZENO U ZENO. 

First we consider the relationships between these sets, both for dense-timed Petri nets 
and discrete-timed Petri nets. 

For discrete-timed Petri nets, we trivially have ALLZENO = ZEROTIME, but for 
dense-timed nets ZEROTIME C ALLZENO, in general. For example, in the TPN of 
Figure [H we have that the marking [(X, 1), (Y, 1), (A, 1), (B, 1)] € ALLZENO, but the 
marking [(X, 1), (Y, 1), (A, 1), (B, 1)] $ ZEROTIME. 

For discrete-timed nets, every zeno-computation has an infinite suffix that takes no time 
at all and thus Pre* (ZEROTIME) = ZENO. However, for dense-timed Petri nets, it was 
shown in Lemma [5. II that there exist instances (e.g., Figure PT3]) where Pre* (ALLZENO) C 
ZENO, i.e., a strict subset. 

The inclusion ALLZENO C Pre* (ALLZENO) follows directly from the definition of 
Pre*. The following example shows that there exist instances where the inclusion is strict, 
i.e., ALLZENO C Pre* (ALLZENO) . (This works for both dense- and discrete time.) One 
constructs a TPN and marking Mq such that at Mq one must first wait 1 time unit before 
the first transition can fire. This transition then creates a marking Mi € ALLZENO. Thus 
M G Pre* (ALLZENO), but M £ ALLZENO. 

Furthermore, it is trivial (for both dense- and discrete time) that ZENO C NONTERM 
and NONZENO C NONTERM , and that there exist instances where these inclusions are 
strict. In general, the sets ZENO and NONZENO are incomparable. Finally, ZENO U 
NONZENO = NONTERM . The following theorem summarizes these results. 

Theorem 9.1. In general for dense-timed Petri nets 

ZEROTIME C ALLZENO C Pre* (ALLZENO) C ZENO C ZENO U NONZENO = NONTERM 

and for each inclusion there is an instance where it is strict. 
In general for discrete-timed Petri nets 

ZEROTIME = ALLZENO C Pre* (ALLZENO) = ZENO C ZENO U NONZENO = NONTERM 

and for each inclusion there is an instance where it is strict. 

9.2. Decidability Results. It has been shown in this paper that the sets ZEROTIME, 
ALLZENO, Pre* (ALLZENO), and ZENO are effectively constructible as MRUC (multi- 
region upward closures; see Def. 12. 9|) for dense-timed nets and thus also for discrete-timed 
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nets. Furthermore, we have shown in Section [6] that NONZENO is undecidable for dense- 
timed nets. This undecidability proof carries over directly to discrete-timed nets, since all 
delays are of length > 1. 

The situation is slightly more complex for the set NONTERM . Theorem 18 . 3 1 showed the 
decidability of the non-termination problem for dense-timed nets. This decidability result 
trivially carries over to discrete-timed nets. Like all the other sets of markings considered 
here, the set NONTERM is closed under the relation = on regions (see Def. I2.3|) and it 
is also upward-closed. Thus it is representable as a MRUC. However, this MRUC is not 
effectively constructible. It has been shown by Escrig et al. [dFERAOO] that NONTERM 
is not effectively constructible even for discrete-timed Petri nets. Their proof is similar to 
the construction in Section [6] (except for the initial guessing phase). A timed Petri net 
can simulate a lossy counter machine (or a reset Petri net). Thus, if one could effectively 
construct NONTERM , then one could decide the universal termination problem for lossy 
counter machines Eire. LCM^ (see Section [6]) which is known to be undecidable |May03| . 

The following table summarizes the results on decidability and effective constructibility 
of the considered sets of markings of TPN. Note that all those results coincide for discrete- 
timed nets and dense-timed nets. However, the proofs are harder for dense-timed nets. 



Set 


Decidable? 


Effectively constructible? 


NONTERM 


Yes (Thm. [8J5]) 


No QdFERAOOj) 


NONZENO 


No (Thm. I6.3D 


No (Thm. I6.3D 


ZENO 


Yes (Thm. I3.42p 


Yes (Thm. 13.421) 


Pre* (ALLZENO) 


Yes (Thm. l^HJand Lemma [2J2J) 


Yes (Thm. I5ji]and Lemma 12T2J) 


ALLZENO 


Yes (Thm. |5JiD 


Yes (Thm. ILSJ) 


ZERO TIME 


Yes (Thm. [5JJ2J) 


Yes (Thm. 15.12) 



9.3. Conclusion and Future Work. We have solved several open problems about the 
verification of dense-timed Petri nets (TPNs) in which each token has an age represented 
by a real number, where the transitions are constrained by the ages of the tokens and the 
firing semantics is lazy. This class is closely related to the class of parameterized systems 
of timed processes where each process is restricted to have a single clock [A J03] . 

We have shown decidability of zenoness, existence of arbitrarily fast computations, 
token-liveness and syntactic boundedness for TPNs, as well as the undecidability of universal 
zenoness. 

To solve the zenoness problem, we defined a new class of untimed Petri nets (SD-TN) 
which is more general than standard Petri nets, but which is a subclass of transfer nets. 
For these SD-TN, we gave a method to compute a characterization of the set of markings 
from which there are infinite computations. This is interesting in itself, since for general 
transfer nets such a characterization is not computable [DJS99} May03| . 

We have considered TPNs with just one real- valued clock per token. For all the problems 
studied so far, the decidability results coincide for dense-time and discrete-time (although 
the proofs for dense-time are harder). 

However, if we consider TPNs with two clocks per token, there is a decidability gap 
between the dense-time and the discrete-time domain. The coverability problem becomes 
undecidable for dense-timed TPNs with only two clocks per token, while it remains decidable 
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for discrete-timed TPNs with any finite number of clocks per token [ADM04] . The class of 
TPNs with multiple clocks per token is related to parameterized systems of timed processes, 
with multiple clocks per process |ADM04] . It is therefore worth investigating whether this 
more general class induces a similar gap for the problems we have considered in this paper. 
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